Mirrors/hackacad
2
0
Fork 0
mirror of https://github.com/hackacad/bastille.git synced 2025-12-21 01:30:52 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #898 from BastilleBSD/tschettervictor-patch-1

Browse Source 
stop: Do not attempt any pf actions if it has not been configured
This commit is contained in:
tschettervictor
2025-03-02 17:47:59 -07:00
committed by GitHub
parent fdf5086c34 be6885eb3e
commit fdd42adcb5
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
usr/local/share/bastille/stop.sh
View File

@@ -91,7 +91,7 @@ for _jail in ${JAILS}; do
check_target_is_running "${_jail}" || error_continue "Jail is already stopped." check_target_is_running "${_jail}" || error_continue "Jail is already stopped."
# Remove RDR rules # Remove RDR rules
if [ "$(bastille config ${_jail} get vnet)" != "enabled" ]; then if [ "$(bastille config ${_jail} get vnet)" != "enabled" ] && [ -f "${bastille_pf_conf}" ]; then
_ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')" _ip4="$(bastille config ${_jail} get ip4.addr | sed 's/,/ /g')"
_ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')" _ip6="$(bastille config ${_jail} get ip6.addr | sed 's/,/ /g')"
if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then if [ "${_ip4}" != "not set" ] || [ "${_ip6}" != "not set" ]; then
@@ -114,17 +114,17 @@ for _jail in ${JAILS}; do
jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}" jail ${OPTION} -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
# Remove (captured above) IPs from firewall table # Remove (captured above) IPs from firewall table
if [ "${_ip4}" != "not set" ]; then if [ "${_ip4}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for _ip in ${_ip4}; do for _ip in ${_ip4}; do
if echo "${_ip}" | grep -q "|"; then if echo "${_ip}" | grep -q "|"; then
_ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"
else else
_ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')" _ip="$(echo ${_ip} | sed -E 's#/[0-9]+$##g')"
fi fi
pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}" pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
done done
fi fi
if [ "${_ip6}" != "not set" ]; then if [ "${_ip6}" != "not set" ] && [ -f "${bastille_pf_conf}" ]; then
for _ip in ${_ip6}; do for _ip in ${_ip6}; do
if echo "${_ip}" | grep -q "|"; then if echo "${_ip}" | grep -q "|"; then
_ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')" _ip="$(echo ${_ip} | awk -F"|" '{print $2}' | sed -E 's#/[0-9]+$##g')"