Switch from --option to option and fix typos

pc
2020-02-02 00:28:02 +00:00
parent fe16a25cee
commit d8914f9892
4 changed files with 29 additions and 29 deletions

@@ -165,10 +165,10 @@ The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
`bastille rdr` command at runtime - eg. `bastille rdr` command at runtime - eg.
``` ```
bastille rdr <jail> --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail bastille rdr <jail> tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
bastille rdr <jail> --udp 2053 53 # Same for udp bastille rdr <jail> udp 2053 53 # Same for udp
bastille rdr <jail> --list # List dynamic rdr rules bastille rdr <jail> list # List dynamic rdr rules
bastille rdr <jail> --clear # Clear dynamic rdr rules bastille rdr <jail> clear # Clear dynamic rdr rules
``` ```
Note that if you are rediirecting ports where the host is also listening Note that if you are rediirecting ports where the host is also listening
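Review bot: the trailing context line of this hunk still reads "rediirecting" on both sides, so this copy of the sentence keeps a typo that the commit message says is being fixed. Extend the hunk by one line and change it to "redirecting" so the two copies of the networking text stay identical.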
@@ -752,22 +752,22 @@ ishmael ~ # bastille cp ALL /tmp/resolv.conf-cf etc/resolv.conf
bastille-rdr bastille-rdr
------------ ------------
`bastille rdr` allows yiou to configure dynamic rdr rules for your containers `bastille rdr` allows you to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section). as described in the Networking section).
```shell ```shell
# bastille rdr --help # bastille rdr --help
Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp <host_port> <jail_port>] | [--udp <host_port> <jail_port>] Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]
# bastille rdr dev1 --tcp 2001 22 # bastille rdr dev1 tcp 2001 22
# bastille rdr dev1 --list # bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 --udp 2053 53 # bastille rdr dev1 udp 2053 53
# bastille rdr dev1 --list # bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 --clear # bastille rdr dev1 clear
nat cleared nat cleared
``` ```
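Review bot: the first line of the example still invokes `bastille rdr --help` while every other option in the block loses its dashes, and the new usage string does not list a help option in either form. Either confirm that `--help` is still handled after the switch to bare words and say so here, or change the example to whatever spelling the script now accepts, so the documented session can be reproduced as written.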

@@ -141,15 +141,15 @@ containers at `10.17.89.45`.
## dynamic rdr anchor (see below) ## dynamic rdr anchor (see below)
rdr-anchor "rdr/*" rdr-anchor "rdr/*"
The `rdr-anchor "rdr/*"` anables dynamic rdr rules to be setup using the The `rdr-anchor "rdr/*"` enables dynamic rdr rules to be setup using the
`bastille rdr` command at runtime - eg. `bastille rdr` command at runtime - eg.
bastille rdr <jail> --tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail bastille rdr <jail> tcp 2001 22 # Redirects tcp port 2001 on host to 22 on jail
bastille rdr <jail> --udp 2053 53 # Same for udp bastille rdr <jail> udp 2053 53 # Same for udp
bastille rdr <jail> --list # List dynamic rdr rules bastille rdr <jail> list # List dynamic rdr rules
bastille rdr <jail> --clear # Clear dynamic rdr rules bastille rdr <jail> clear # Clear dynamic rdr rules
Note that if you are rediirecting ports where the host is also listening Note that if you are redirecting ports where the host is also listening
(eg. ssh) you should make sure that the host service is not listening on (eg. ssh) you should make sure that the host service is not listening on
the cloned interface - eg. for ssh set sshd_flags in rc.conf the cloned interface - eg. for ssh set sshd_flags in rc.conf
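Review bot: style point on the sentence whose "anables" typo is fixed here: "to be setup" uses the noun form where the verb "set up" is meant, and "eg." is normally written "e.g.". Since the line is already being touched, fix both in the same pass.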

@@ -2,7 +2,7 @@
rdr rdr
=== ===
`bastille rdr` allows yiou to configure dynamic rdr rules for your containers `bastille rdr` allows you to configure dynamic rdr rules for your containers
without modifying pf.conf (assuming you are using the `bastille0` interface without modifying pf.conf (assuming you are using the `bastille0` interface
for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf for a private network and have enabled `rdr-anchor 'rdr/*'` in /etc/pf.conf
as described in the Networking section). as described in the Networking section).
@@ -14,15 +14,15 @@ sepcify the interface they run on in rc.conf (or other config files)
.. code-block:: shell .. code-block:: shell
# bastille rdr --help # bastille rdr --help
Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp <host_port> <jail_port>] | [--udp <host_port> <jail_port>] Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]
# bastille rdr dev1 --tcp 2001 22 # bastille rdr dev1 tcp 2001 22
# bastille rdr dev1 --list # bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
# bastille rdr dev1 --udp 2053 53 # bastille rdr dev1 udp 2053 53
# bastille rdr dev1 --list # bastille rdr dev1 list
rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22 rdr on em0 inet proto tcp from any to any port = 2001 -> 10.17.89.1 port 22
rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53 rdr on em0 inet proto udp from any to any port = 2053 -> 10.17.89.1 port 53
# bastille rdr dev1 --clear # bastille rdr dev1 clear
nat cleared nat cleared
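Review bot: the hunk header context shows "sepcify the interface they run on in rc.conf", a typo in the paragraph just above this code block that the commit leaves in place. Change it to "specify" here as well, given that the commit is described as fixing typos in these files.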

@@ -29,7 +29,7 @@
. /usr/local/etc/bastille/bastille.conf . /usr/local/etc/bastille/bastille.conf
usage() { usage() {
echo -e "${COLOR_RED}Usage: bastille rdr TARGET [--clear] | [--list] | [--tcp <host_port> <jail_port>] | [--udp <host_port> <jail_port>]${COLOR_RESET}" echo -e "${COLOR_RED}Usage: bastille rdr TARGET [clear] | [list] | [tcp <host_port> <jail_port>] | [udp <host_port> <jail_port>]${COLOR_RESET}"
exit 1 exit 1
} }
@@ -82,15 +82,15 @@ fi
while [ $# -gt 0 ]; do while [ $# -gt 0 ]; do
case "$1" in case "$1" in
--list) list)
pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null pfctl -a "rdr/${JAIL_NAME}" -Psn 2>/dev/null
shift shift
;; ;;
--clear) clear)
pfctl -a "rdr/${JAIL_NAME}" -Fn pfctl -a "rdr/${JAIL_NAME}" -Fn
shift shift
;; ;;
--tcp) tcp)
if [ $# -lt 3 ]; then if [ $# -lt 3 ]; then
usage usage
fi fi
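Review bot: with the arms renamed to `list)`, `clear)` and `tcp)`, an existing invocation such as `bastille rdr dev1 --list` no longer matches any arm shown here, so scripts written against the previous syntax change behaviour without warning. Consider accepting both spellings for a transition period, for example `list|--list)`, or have the default arm print a message that the dashed forms were removed.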
@@ -99,7 +99,7 @@ while [ $# -gt 0 ]; do
| pfctl -a "rdr/${JAIL_NAME}" -f- | pfctl -a "rdr/${JAIL_NAME}" -f-
shift 3 shift 3
;; ;;
--udp) udp)
if [ $# -lt 3 ]; then if [ $# -lt 3 ]; then
usage usage
fi fi
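Review bot: in the `udp)` arm, and in the `tcp)` arm whose tail is visible above it, the only check shown is `[ $# -lt 3 ]`, which counts the arguments but does not inspect them, and the `tcp)` arm ends by piping into `pfctl -a "rdr/${JAIL_NAME}" -f-`. If the elided lines do not already do so, reject host_port and jail_port values that are not integers in the range 1 to 65535 before the rule text is built, so that only well-formed rules reach pfctl.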