various modifications to pull request #10:

- re-fill paragraphs in README - added section about booting ipfw rules - added way to execute ipfw function from commandline (required for booting) - enhanced ipfw.conf parser - enhanced ip address parsing - added v6 support - added jail.conf variable support
2025-12-18 05:01:02 +01:00 · 2020-12-01 18:40:32 +01:00
parent cc30589b1f
commit 615939bccd
2 changed files with 79 additions and 16 deletions
--- a/41
+++ b/41
@@ -29,6 +29,7 @@ stop <jail>                                      - stop a jail
 restart <jail>                                   - restart a jail
 status [<jail>]                                  - display a jail's status
 rc <jail> <mode> [-r <rc.d script>]              - execute an rc-script inside a jail
+ipfw <jail> <mode>                               - add or remove ipfw rules

 ${beg}Managing Jails:${end}
 login <jail> [<user>]                            - login into a jail
@@ -380,6 +381,8 @@ jaildk_rc_mount() {
    done
 }

+
+
 usage_install() {
    fin "Usage: $0 install <jail> [<mode>] [-r rc-function]
 Install <jail> according to its config. Options:
@@ -1169,7 +1172,6 @@ home/$name/root-$version       $name/root                          nullfs  rw' >
    touch $j/etc/.template/ipfw.conf

    bold "creating template config $j/etc/.template/mtree.conf"
-#    touch $j/etc/.template/mtree.conf
    echo '/set type=dir uid=0 gid=0 mode=01777
 .       type=dir mode=0755
 tmp
@@ -1466,10 +1468,24 @@ jaildk_thaw() {
    bold "Done. Thawed jail $jail $version from $image."
 }

+usage_ipfw() {
+    echo "Usage: $0 ipfw <jail> <mode>
+[Un]install ipfw rules. <mode> can be start or stop.
+The jail needs to have a ipfw.conf file, containing
+ipfw rules. You can use variables like \$ip and \$ip6
+and you need to omit the 'ipfw add' of the command."
+    exit 1
+}
+
 jaildk_ipfw() {
    jail=$1
    mode=$2
-    if [ -f "$j/etc/$jail/ipfw.conf" ]; then
+
+    if test -z "$mode"; then
+        usage_ipfw
+    fi
+
+    if test -f "$j/etc/$jail/ipfw.conf"; then
        echo
        bold "Managing IPFW Rules..."
        case $mode in
@@ -1488,11 +1504,24 @@ jaildk_ipfw() {

 jaildk_ipfw_add() {
    jail=$1
+
+    # support jail variables as well
+    load-jail-config $jail
+    
    # Getting current jails IP..
-    jailip=$(jls | grep -E "$jail\$" | awk '{print $2}')
+    ip=`jls -n -j $jail ip4.addr | cut -d= -f2`
+    if test -z "$ip"; then
+        die "Jail $jail doesn't have an ipv4 address!"
+    fi
+
+    ip6=`jls -n -j $jail ip6.addr | cut -d= -f2` # optional, no checks
+    
    # Adding rules
-    cat $j/etc/$jail/ipfw.conf | awk -v jailname="$jail" '{print "ipfw add "$0" // " jailname}' | sed -E "s/\\\$ip/$jailip/g" | while read rule; do $rule; done
-        
+    egrep "^[a-z]" $j/etc/$jail/ipfw.conf | while read LINE; do
+        rule=$(eval echo "ipfw add $LINE // $jail")
+        echo $rule
+        $rule
+    done
 }

 jaildk_ipfw_delete() {
@@ -1529,7 +1558,7 @@ case $runner in
    start|stop|status|restart)
        jaildk_jail $runner $*
        ;;
-    setup|reinstall|install|uninstall|build|blogin|login|clone|create|remove|rc|base|fetch|freeze|thaw)
+    setup|reinstall|install|uninstall|build|blogin|login|clone|create|remove|rc|base|fetch|freeze|thaw|ipfw)
        jaildk_$runner $*
        ;;
    help)