From d8914f98929c8b807b65cbdaacde7e040dc7c522 Mon Sep 17 00:00:00 2001 From: pc Date: Sun, 2 Feb 2020 00:28:02 +0000 Subject: [PATCH] Switch from `--option` to `option` and fix typos --- README.md | 22 +++++++++++----------- docs/chapters/networking.rst | 12 ++++++------ docs/chapters/subcommands/rdr.rst | 14 +++++++------- usr/local/share/bastille/rdr.sh | 10 +++++----- 4 files changed, 29 insertions(+), 29 deletions(-) diff --git a/README.md b/README.md index a9d25154..3afe2eaf 100644 --- a/README.md +++ b/README.md @@ -165,10 +165,10 @@ The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the `bastille rdr` command at runtime - eg. ``` - bastille rdr --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail - bastille rdr --udp 2053 53 # Same for udp - bastille rdr --list # List dynamic rdr rules - bastille rdr --clear # Clear dynamic rdr rules + bastille rdr tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail + bastille rdr udp 2053 53 # Same for udp + bastille rdr list # List dynamic rdr rules + bastille rdr clear # Clear dynamic rdr rules ``` Note that if you are rediirecting ports where the host is also listening 
@@ -752,22 +752,22 @@ ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf bastille-rdr ------------ -`bastille rdr` allows yiou to configure dynamic rdr rules for your containers +`bastille rdr` allows you to configure dynamic rdr rules for your containers without modifying pf.conf (assuming you are using the `bastille0` interface for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf as described in the Networking section). ```shell # bastille rdr --help - Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp ] | [--udp ] - # bastille rdr dev1 --tcp 2001 22 - # bastille rdr dev1 --list + Usage: bastille rdr TARGET [clear] | [list] | [tcp ] | [udp ] + # bastille rdr dev1 tcp 2001 22 + # bastille rdr dev1 list rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 - # bastille rdr dev1 --udp 2053 53 - # bastille rdr dev1 --list + # bastille rdr dev1 udp 2053 53 + # bastille rdr dev1 list rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 - # bastille rdr dev1 --clear + # bastille rdr dev1 clear nat cleared ``` diff --git a/docs/chapters/networking.rst b/docs/chapters/networking.rst index 9303e6b2..db3a7f3a 100644 --- a/docs/chapters/networking.rst +++ b/docs/chapters/networking.rst 
@@ -141,15 +141,15 @@ containers at `10.17.89.45`. ## dynamic rdr anchor (see below) rdr-anchor "rdr/*" -The `rdr-anchor "rdr/*"` anables dynamic rdr rules to be setup using the +The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the `bastille rdr` command at runtime - eg. - bastille rdr --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail - bastille rdr --udp 2053 53 # Same for udp - bastille rdr --list # List dynamic rdr rules - bastille rdr --clear # Clear dynamic rdr rules + bastille rdr tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail + bastille rdr udp 2053 53 # Same for udp + bastille rdr list # List dynamic rdr rules + bastille rdr clear # Clear dynamic rdr rules - Note that if you are rediirecting ports where the host is also listening + Note that if you are redirecting ports where the host is also listening (eg. ssh) you should make sure that the host service is not listening on the cloned interface - eg. for ssh set sshd_flags in rc.conf diff --git a/docs/chapters/subcommands/rdr.rst b/docs/chapters/subcommands/rdr.rst index ddb8fccb..5ee2cd6a 100644 --- a/docs/chapters/subcommands/rdr.rst +++ b/docs/chapters/subcommands/rdr.rst @@ -2,7 +2,7 @@ rdr === -`bastille rdr` allows yiou to configure dynamic rdr rules for your containers +`bastille rdr` allows you to configure dynamic rdr rules for your containers without modifying pf.conf (assuming you are using the `bastille0` interface for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf as described in the Networking section). 
@@ -14,15 +14,15 @@ sepcify the interface they run on in rc.conf (or other config files) .. code-block:: shell # bastille rdr --help - Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp ] | [--udp ] - # bastille rdr dev1 --tcp 2001 22 - # bastille rdr dev1 --list + Usage: bastille rdr TARGET [clear] | [list] | [tcp ] | [udp ] + # bastille rdr dev1 tcp 2001 22 + # bastille rdr dev1 list rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 - # bastille rdr dev1 --udp 2053 53 - # bastille rdr dev1 --list + # bastille rdr dev1 udp 2053 53 + # bastille rdr dev1 list rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 - # bastille rdr dev1 --clear + # bastille rdr dev1 clear nat cleared diff --git a/usr/local/share/bastille/rdr.sh b/usr/local/share/bastille/rdr.sh index 712ea965..bca00a6d 100644 --- a/usr/local/share/bastille/rdr.sh +++ b/usr/local/share/bastille/rdr.sh @@ -29,7 +29,7 @@ . /usr/local/etc/bastille/bastille.conf usage() { - echo -e "${COLOR_RED}Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp ] | [--udp ]${COLOR_RESET}" + echo -e "${COLOR_RED}Usage: bastille rdr TARGET [clear] | [list] | [tcp ] | [udp ]${COLOR_RESET}" exit 1 } @@ -82,15 +82,15 @@ fi while [ $# -gt 0 ]; do case "$1" in - --list) + list) pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null shift ;; - --clear) + clear) pfctl -a "rdr/${JAIL_NAME}" -Fn shift ;; - --tcp) + tcp) if [ $# -lt 3 ]; then usage fi @@ -99,7 +99,7 @@ while [ $# -gt 0 ]; do | pfctl -a "rdr/${JAIL_NAME}" -f- shift 3 ;; - --udp) + udp) if [ $# -lt 3 ]; then usage fi
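Review bot: The `tcp` branch in the `@@ -82,15 +82,15 @@` hunk of rdr.sh and the `udp` branch in the following hunk (`@@ -99,7 +99,7 @@`) check only the argument count with `[ $# -lt 3 ]` before their output is piped to `pfctl -a "rdr/${JAIL_NAME}" -f-`, and no visible line checks that the two port arguments are numeric. The lines that build the rule text sit between the two hunks, so this is inferred, but if `$2` and `$3` are interpolated there, a non-numeric word ends up as pf rule syntax loaded into the live anchor. A guard before the rule is built, `case "$2" in ''|*[!0-9]*) usage ;; esac` and the same for `$3`, would reject that, and a 1-65535 range check can follow it. Since actions are now bare words rather than `--option`, also confirm that the `case` has a `*)` branch calling `usage`, because an unmatched word that is never shifted would keep the `while [ $# -gt 0 ]` loop spinning; the end of the `case` is outside the hunk.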