fix bastille0 ip6 support

usr/local/share/bastille/rdr.sh

@@ -120,7 +120,7 @@ load_rdr_rule() {
       | pfctl -a "rdr/${JAIL_NAME}" -f-
 if [ -n "$JAIL_IP6" ]; then
   ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
-  printf '%s\nrdr pass on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP6" "$3" ) \
+  printf '%s\nrdr pass on $%s inet6 proto %s to port %s -> %s port %s\n' "$EXT_IF" "${bastille_network_pf_ext_if}" "$1" "$2" "$JAIL_IP6" "$3" ) \
     | pfctl -a "rdr/${JAIL_NAME}" -f-
 fi
 }
@@ -135,7 +135,7 @@ log=$@
       | pfctl -a "rdr/${JAIL_NAME}" -f-
 if [ -n "$JAIL_IP6" ]; then
   ( pfctl -a "rdr/${JAIL_NAME}" -Psn;
-  printf '%s\nrdr pass %s on $%s inet proto %s to port %s -> %s port %s\n' "$EXT_IF" "$log" "${bastille_network_pf_ext_if}" "$proto" "$host_port" "$JAIL_IP6" "$jail_port" ) \
+  printf '%s\nrdr pass %s on $%s inet6 proto %s to port %s -> %s port %s\n' "$EXT_IF" "$log" "${bastille_network_pf_ext_if}" "$proto" "$host_port" "$JAIL_IP6" "$jail_port" ) \
     | pfctl -a "rdr/${JAIL_NAME}" -f-
 fi
 

usr/local/share/bastille/start.sh

@@ -78,16 +78,20 @@ for _jail in ${JAILS}; do
             fi
         fi
 
-        ## warn if matching configured (but not online) ip4.addr, ignore if there's no ip4.addr entry
-        ip=$(bastille config "${_jail}" get ip4.addr)
-        if [ -n "${ip}" ]; then
+        ## warn if matching configured (but not online) ipX.addr, ignore if there's no ipX.addr entry
+        ips=$(bastille config "${_jail}" get ip4.addr)
+        ips="${ips} $(bastille config "${_jail}" get ip6.addr)"
+        for ip in ${ips}; do
+          ip=$(printf "$ip" | sed -E 's,/[0-9]+,,')
+          if [ -n "${ip}" ]; then
             if ifconfig | grep -wF "${ip}" >/dev/null; then
-                error_notify "Error: IP address (${ip}) already in use."
-                continue
+              error_notify "Error: IP address (${ip}) already in use."
+              continue
             fi
-            ## add ip4.addr to firewall table
+            ## add ipX.addr to firewall table
             pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}"
-        fi
+          fi
+        done
 
         ## start the container
         info "[${_jail}]:"

usr/local/share/bastille/stop.sh

@@ -51,8 +51,9 @@ bastille_root_check
 for _jail in ${JAILS}; do
     ## test if running
     if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
-        ## Capture ip4.addr address while still running
-        _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+        ## Capture ipX.addr address while still running
+        ips="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+        ips="${ips} $(/usr/sbin/jls -j ${_jail} ip6.addr)"
 
         # Check if pfctl is present
         if which -s pfctl; then
@@ -72,10 +73,12 @@ for _jail in ${JAILS}; do
         info "[${_jail}]:"
         jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
 
-        ## remove (captured above) ip4.addr from firewall table
-        if [ -n "${bastille_network_loopback}" ] && [ ! -z "${_ip}" ]; then
+        ## remove (captured above) ipX.addr from firewall table
+        if [ -n "${bastille_network_loopback}" && ! -z "${ips}" ]; then
             if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
-                pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+                for _ip in ${ips}; do
+                    pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+                done
             fi
         fi
     fi