Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-22 10:10:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #500 from eborisch/graceful_network_stop

Browse Source 
Permit outgoing network connections during stop action
This commit is contained in:
Christer Edwards
2022-05-04 14:49:26 -06:00
committed by GitHub
parent d0903347a6 24eb03c2e6
commit dbb720fef4
1 changed files with 9 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
usr/local/share/bastille/stop.sh
View File

@@ -49,12 +49,8 @@ fi
for _jail in ${JAILS}; do
## test if running
if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
## remove ip4.addr from firewall table:jails
if [ -n "${bastille_network_loopback}" ]; then
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "$(/usr/sbin/jls -j ${_jail} ip4.addr)"
fi
fi
## Capture ip4.addr address while still running
_ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
# Check if pfctl is present
if which -s pfctl; then
@@ -73,6 +69,13 @@ for _jail in ${JAILS}; do
## stop container
info "[${_jail}]:"
jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
## remove (captured above) ip4.addr from firewall table:jails
if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
pfctl -q -t jails -T delete "${_ip}"
fi
fi
fi
echo
done