From 4c68b748b6ee67503acc18ffe4d42d7134a217c8 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:13:48 -0700
Subject: [PATCH 1/6] create: Add --vlan option
---
 usr/local/share/bastille/create.sh | 26 +++++++++++++++++---------
 1 file changed, 17 insertions(+), 9 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 6169e214..b8b61ce4 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -41,14 +41,15 @@ usage() {
 cat << EOF
 Options:
- -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
- -M | --static-mac Generate a static MAC address for jail (VNET only).
- -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported).
- -L | --linux This option is intended for testing with Linux jails, this is considered experimental.
- -T | --thick Creates a thick container, they consume more space as they are self contained and independent.
- -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
- -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
- -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge.
+ -D | --dual Creates the jails with both IPv4 and IPv6 networking ('inherit' and 'ip_hostname' only).
+ -M | --static-mac Generate a static MAC address for jail (VNET only).
+ -E | --empty Creates an empty container, intended for custom jail builds (thin/thick/linux or unsupported).
+ -L | --linux This option is intended for testing with Linux jails, this is considered experimental.
+ -T | --thick Creates a thick container, they consume more space as they are self contained and independent.
+ -V | --vnet Enables VNET, VNET containers are attached to a virtual bridge interface for connectivity.
+ -v | --vlan VLANID Creates the jail with specified VLAN ID
+ -C | --clone Creates a clone container, they are duplicates of the base release, consume low space and preserves changing data.
+ -B | --bridge Enables VNET, VNET containers are attached to a specified, already existing external bridge.
 EOF
 exit 1
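Review bot: The new `-v | --vlan VLANID` usage line does not say that the option requires VNET, although the neighbouring `-M | --static-mac` line carries a `(VNET only)` marker and the argument check added by this same patch rejects `--vlan` unless `-V` or `-B` is also given. Suggest `-v | --vlan VLANID Creates the jail with specified VLAN ID (VNET only).` so the help text matches the enforced restriction. The usage() heredoc continues outside the hunk.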
@@ -255,7 +256,7 @@ generate_vnet_jail_conf() {
 else
 devfs_ruleset_value=13
 fi
- NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}")
+ NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}" "${VLAN_ID}")
 cat << EOF > "${bastille_jail_conf}"
 ${NAME} {
 enforce_statfs = 2;
@@ -662,6 +663,7 @@ EMPTY_JAIL=""
 THICK_JAIL=""
 CLONE_JAIL=""
 VNET_JAIL=""
+VLAN_ID=""
 LINUX_JAIL=""
 STATIC_MAC=""
 DUAL_STACK=""
@@ -695,6 +697,10 @@ while [ $# -gt 0 ]; do
 VNET_JAIL="1"
 shift
 ;;
+ -v|--vlan)
+ VLAN_ID="${2}
+ shift 2
+ ;;
 -B|--bridge)
 VNET_JAIL="1"
 VNET_JAIL_BRIDGE="1"
@@ -742,6 +748,8 @@ elif [ -n "${LINUX_JAIL}" ]; then
 fi
 elif [ -n "${CLONE_JAIL}" ] && [ -n "${THICK_JAIL}" ]; then
 error_exit "Error: Clonejail and Thickjail can't be used together."
+elif [ -z "${VNET_JAIL}" ] && [ -z "${VNET_JAIL_BRIDGE}" ] && [ -n "${VLAN_ID}" ]; then
+ error_exit "Error: VLANs can only be used with VNET and bridged VNET jails."
 fi
 NAME="$1"
From 8395e8b000c200952e1be19dcd1df7bd16cdaf91 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:28:23 -0700
Subject: [PATCH 2/6] create: More vlan imporvements
---
 usr/local/share/bastille/create.sh | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index b8b61ce4..58b6e89c 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
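Review bot: In the new `elif` of the -742 hunk, the `[ -z "${VNET_JAIL_BRIDGE}" ]` test is redundant: the `-B|--bridge` arm visible as context in the -695 hunk sets `VNET_JAIL="1"` as well as `VNET_JAIL_BRIDGE="1"`, so an empty `VNET_JAIL` already implies no bridge was requested. `elif [ -z "${VNET_JAIL}" ] && [ -n "${VLAN_ID}" ]; then` expresses the same rule and stays in step with the option parser if the bridge flags are ever changed. The enclosing if/elif chain starts before the hunk.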
@@ -256,7 +256,7 @@ generate_vnet_jail_conf() {
 else
 devfs_ruleset_value=13
 fi
- NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}" "${VLAN_ID}")
+ NETBLOCK=$(generate_vnet_jail_netblock "${NAME}" "${VNET_JAIL_BRIDGE}" "${bastille_jail_conf_interface}" "${STATIC_MAC}")
 cat << EOF > "${bastille_jail_conf}"
 ${NAME} {
 enforce_statfs = 2;
@@ -609,6 +609,11 @@ create_jail() {
 # Join together IPv4 and IPv6 parts of ifconfig
 _ifconfig="${_ifconfig_inet} ${_ifconfig_inet6}"
 bastille template "${NAME}" ${bastille_template_vnet} --arg EPAIR="${uniq_epair}" --arg GATEWAY="${_gateway}" --arg GATEWAY6="${_gateway6}" --arg IFCONFIG="${_ifconfig}"
+
+ # Add VLAN ID if it was given
+ if [ -n "${VLAN_ID}" ]; then
+ bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}"
+ fi
 fi
 fi
 if [ -n "${THICK_JAIL}" ]; then
@@ -698,7 +703,11 @@ while [ $# -gt 0 ]; do
 shift
 ;;
 -v|--vlan)
- VLAN_ID="${2}
+ if echo "${2}" | grep -Eq '^[0-9]+$'; then
+ VLAN_ID="${2}
+ else
+ error_exit "Not a valid VLAN ID: ${2}"
+ fi
 shift 2
 ;;
 -B|--bridge)
From 64447e2b3c4c247fb8b47df5c90c4f78948a00c8 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:32:43 -0700
Subject: [PATCH 3/6] vlans: Add Bastillefile
---
 .../share/bastille/templates/default/vlan/Bastillefile | 6 ++++++
 1 file changed, 6 insertions(+)
 create mode 100644 usr/local/share/bastille/templates/default/vlan/Bastillefile
diff --git a/usr/local/share/bastille/templates/default/vlan/Bastillefile b/usr/local/share/bastille/templates/default/vlan/Bastillefile
new file mode 100644
index 00000000..6d594446
--- /dev/null
+++ b/usr/local/share/bastille/templates/default/vlan/Bastillefile
@@ -0,0 +1,6 @@
+ARG VLANID
+ARG IFCONFIG="SYNCDHCP"
+
+SYSRC ifconfig_vnet0="up"
+SYSRC vlans_vnet0="${VLANID}"
+SYSRC ifconfig_vnet0_${VLANID}="${IFCONFIG}"
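Review bot: The new `bastille template "${NAME}" ${bastille_template_vlan} ...` call in the -609 hunk has no fallback when `bastille_template_vlan` is unset; the key is only introduced into bastille.conf.sample by a later patch in this series, so an installation whose existing bastille.conf predates it would expand to `bastille template "${NAME}" --arg VLANID=...` with no template path at all. A default such as `: "${bastille_template_vlan:=default/vlan}"` before the call, or an explicit `error_exit` when it is empty, would make that failure mode deterministic. The return status of the template call is also not checked, so a failed VLAN template leaves a jail with no VLAN entries in its rc.conf while create still reports success; the vnet template line above it has the same pattern, so this may be deliberate. create_jail() begins and ends outside the hunk.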
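Review bot: The validation added in the -698 hunk (`grep -Eq '^[0-9]+$'`) only checks that the argument is all digits, so `0`, `4095` and larger values are accepted and written into `vlans_vnet0` and into the rc variable name `ifconfig_vnet0_${VLANID}` inside the jail, although 802.1Q tags are limited to 1–4094. Tightening the condition to `if echo "${2}" | grep -Eq '^[0-9]+$' && [ "${2}" -ge 1 ] && [ "${2}" -le 4094 ]; then` rejects those at create time rather than at jail start. The digits-only check is also what keeps the interpolated rc variable name well-formed, which deserves a one-line comment above it, e.g. `# VLAN_ID is interpolated into an rc.conf variable name by the vlan template; keep it strictly numeric`. The same condition is repeated in the PATCH 6/6 hunk at -704, which only fixes the missing closing quote.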
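Review bot: `SYSRC ifconfig_vnet0="up"` in the new Bastillefile runs after the vnet template in create.sh and appears to replace whatever `ifconfig_vnet0` value that earlier template wrote (create.sh passes the same `_ifconfig` to both), so the untagged parent interface is left with no address while the address is configured only on the tagged `vnet0.${VLANID}` interface; if that is the intent a comment saying so would help the next reader, and if the parent is meant to keep its address the line should be dropped. The template also hard-codes `vnet0`, so a jail whose VNET interface is named differently (not visible here whether the bridged path does this) would get rc.conf entries for an interface it does not have. Note that `${VLANID}` becomes part of the variable name `ifconfig_vnet0_${VLANID}`, so the numeric check on `--vlan` in create.sh is load-bearing for this file and should be referenced wherever the template's arguments are documented.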
From 6e7ea625b725786170a4bbcd8f21e14d097822f1 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:33:57 -0700
Subject: [PATCH 4/6] create: Spacing
---
 usr/local/share/bastille/create.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 58b6e89c..5539b5dd 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -612,7 +612,7 @@ create_jail() {
 # Add VLAN ID if it was given
 if [ -n "${VLAN_ID}" ]; then
- bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}"
+ bastille template "${NAME}" ${bastille_template_vlan} --arg VLANID="${VLAN_ID}" --arg IFCONFIG="${_ifconfig}"
 fi
 fi
 fi
From 90ceb69eb070c751e098b5e420b5ddb50905d46a Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:34:32 -0700
Subject: [PATCH 5/6] conf: Add vlan template
---
 usr/local/etc/bastille/bastille.conf.sample | 1 +
 1 file changed, 1 insertion(+)
diff --git a/usr/local/etc/bastille/bastille.conf.sample b/usr/local/etc/bastille/bastille.conf.sample
index 4e6395c9..cfdca5b0 100644
--- a/usr/local/etc/bastille/bastille.conf.sample
+++ b/usr/local/etc/bastille/bastille.conf.sample
@@ -66,3 +66,4 @@ bastille_template_thick="default/thick" ## default
 bastille_template_clone="default/clone" ## default: "default/clone"
 bastille_template_thin="default/thin" ## default: "default/thin"
 bastille_template_vnet="default/vnet" ## default: "default/vnet"
+bastille_template_vlan="default/vlan" ## default: "default/vlan"
From dc9e225d8e38422b293c5048e7b17d1381b41133 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Mon, 3 Mar 2025 12:38:13 -0700
Subject: [PATCH 6/6] create: Fix shellcheck
---
 usr/local/share/bastille/create.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/usr/local/share/bastille/create.sh b/usr/local/share/bastille/create.sh
index 5539b5dd..8ea7ec7c 100644
--- a/usr/local/share/bastille/create.sh
+++ b/usr/local/share/bastille/create.sh
@@ -704,7 +704,7 @@ while [ $# -gt 0 ]; do
 ;;
 -v|--vlan)
 if echo "${2}" | grep -Eq '^[0-9]+$'; then
- VLAN_ID="${2}
+ VLAN_ID="${2}"
 else
 error_exit "Not a valid VLAN ID: ${2}"
 fi