scip/jaildk
1
0
Fork 0
mirror of https://codeberg.org/scip/jaildk.git synced 2025-12-18 13:11:02 +01:00
Code Issues Packages Projects Releases Wiki Activity

Added ipfw.conf functions for jail start/stop, to manage firewalling

Browse Source
This commit is contained in:
Culsu
2020-11-30 22:17:49 +01:00
parent f0690c74eb
commit a041a0d0cb
1 changed files with 30 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
jaildk
View File

@@ -764,7 +764,7 @@ Create a new jail from template."
jaildk_create() { jaildk_create() {
jail=$1 jail=$1
# $jail gets overwritten in jaildk_clone or some subcall to .template :-( ... # $jail gets overwritten in jaildk_clone or somewhere...
newjail=$jail newjail=$jail
src=.template src=.template
@@ -782,7 +782,9 @@ jaildk_create() {
jaildk_clone -s $src -d $jail -o $srcversion -n $newversion jaildk_clone -s $src -d $jail -o $srcversion -n $newversion
# some perl magic to extract the hostname (if any) from /etc/jail.conf - and write it into the jails rc.conf # some perl magic to extract the hostname (if any) from /etc/jail.conf - and write it into the jails rc.conf
jailhostname=$(cat /etc/jail.conf | tr -d '\t\r\n ' | perl -ne '$_ =~ /.*'"$newjail"'(\{(?:\{.*\}|[^{])*\})|\w+/; print $1;' | grep -oE 'hostname=[^;]+' | cut -d= -f2) jailhostname=$(cat /etc/jail.conf | tr -d '\t\r\n ' | perl -ne '$_ =~ /.*'"$newjail"'(\{(?:\{.*\}|[^{])*\})|\w+/; print $1;' | grep -oE 'hostname=[^;]+' | cut -d= -f2)
[ -n "$jailhostname" ] && sed -iE 's/^hostname.*$/hostname="'"$jailhostname"'"/' $j/etc/$newjail/local-etc-$newversion/rc.conf echo "new name: $jailhostname"
echo "in path $j/etc/$jail/local-etc-$newversion/rc.conf"
sed -iE 's/^hostname.*$/hostname="'"$jailhostname"'"/' $j/etc/$newjail/local-etc-$newversion/rc.conf
} }
@@ -903,6 +905,7 @@ jaildk_jail() {
;; ;;
*) *)
service jail $mode $jail service jail $mode $jail
jaildk_ipfw $jail $mode
;; ;;
esac esac
fi fi
@@ -1460,6 +1463,31 @@ jaildk_thaw() {
bold "Done. Thawed jail $jail $version from $image." bold "Done. Thawed jail $jail $version from $image."
} }
jaildk_ipfw() {
jail=$1
mode=$2
if [ -f "$j/etc/$jail/ipfw.conf" ]; then
echo
bold "Managing IPFW Rules..."
case $mode in
start)
# Deleting existing rules first to avoid duplicates.
ipfw show | grep -E "// $jail\$" | while read rule; do sh -c "ipfw delete $(echo $rule| awk '{print $1}')"; done
# Getting current jails IP..
jailip=$(jls | grep -E "$jail\$" | awk '{print $2}')
# Adding rules
cat /jail/etc/revprx/ipfw.conf | awk -v jailname="$jail" '{print "ipfw add "$0" // " jailname}' | sed -E "s/\\\$ip/$jailip/g" | while read rule; do $rule; done
;;
stop)
# Deleting rules
ipfw show | grep -E "// $jail\$" | while read rule; do bold "Deleting rule $rule"; sh -c "ipfw delete $(echo $rule| awk '{print $1}')"; done
;;
esac
bold "... done"
echo
fi
}
########################## ##########################
# #