Fix pfctl being invoked when NAT is not used + change ip var to ip4 #769

Open
wants to merge 6 commits into
base: master

tschettervictor
Contributor

This PR fixes an issue where pfctl is invoked even when NAT is not being used. This prints an unnecessary error for folks using only VNET jails.

It also changes the command to find ip4.addr to the bastille native config command, which will return "not set" if ip4.addr is not found, instead of returning a -.

@tschettervictor
Contributor Author

#346

@tschettervictor
Contributor Author

I also changed the _ip to _ip4 as it only greps for the ip4.addr value.
This will allow us to implement similar functions for future ip6 usage.

Contributor

@michael-o michael-o left a comment

start.sh suffers from the same problem.

@tschettervictor
Contributor Author

Give it a go now.

We assume that if the jail has an ip4.addr value, then pfctl is obviously installed.

It is also not invoked by start, so stop should not need it either.
Contributor

@michael-o michael-o left a comment

WFM:

root@deblndw013x:/usr/local/share/bastille
# patch -p5 </tmp/bastille-patch
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|From aa17f5c4f91a1bc3779d86fe616c92f7823e858b Mon Sep 17 00:00:00 2001
|From: tschettervictor <[email protected]>
|Date: Tue, 10 Dec 2024 14:51:29 -0700
|Subject: [PATCH 1/4] Fix pfctl being invoked when NAT is not used + change ip
| var to ip4 for future ip6 implementation
|
|---
| usr/local/share/bastille/stop.sh | 8 ++++----
| 1 file changed, 4 insertions(+), 4 deletions(-)
|
|diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
|index a3a8dfbe..ade6f9a6 100644
|--- a/usr/local/share/bastille/stop.sh
|+++ b/usr/local/share/bastille/stop.sh
--------------------------
Patching file stop.sh using Plan A...
Hunk #1 succeeded at 52.
Hunk #2 succeeded at 73.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|From 42a5a38334229def87a0e02018607a57d4052765 Mon Sep 17 00:00:00 2001
|From: tschettervictor <[email protected]>
|Date: Tue, 10 Dec 2024 14:59:02 -0700
|Subject: [PATCH 2/4] fix start.sh also
|
|---
| usr/local/share/bastille/start.sh | 10 +++++-----
| 1 file changed, 5 insertions(+), 5 deletions(-)
|
|diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
|index f9e5a180..2eeb9e49 100644
|--- a/usr/local/share/bastille/start.sh
|+++ b/usr/local/share/bastille/start.sh
--------------------------
Patching file start.sh using Plan A...
Hunk #1 failed at 79.
1 out of 1 hunks failed--saving rejects to start.sh.rej
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|From 2a8a0702516be30f90024bbe0d21aad456a50639 Mon Sep 17 00:00:00 2001
|From: tschettervictor <[email protected]>
|Date: Tue, 10 Dec 2024 15:04:27 -0700
|Subject: [PATCH 3/4] remove "which pfctl"
|
|We assume that if the jail has an ip4.addr value, then pfctl is obviously installed.
|
|It is also not invoked by start, so stop should not need it either.
|---
| usr/local/share/bastille/stop.sh | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
|index ade6f9a6..d61d7ed6 100644
|--- a/usr/local/share/bastille/stop.sh
|+++ b/usr/local/share/bastille/stop.sh
--------------------------
Patching file stop.sh using Plan A...
Hunk #1 succeeded at 55.
Hmm...  The next patch looks like a unified diff to me...
The text leading up to this was:
--------------------------
|
|From 108227f72ee977d2cd7df1096caf72db23718675 Mon Sep 17 00:00:00 2001
|From: tschettervictor <[email protected]>
|Date: Tue, 10 Dec 2024 15:07:29 -0700
|Subject: [PATCH 4/4] remove padding
|
|---
| usr/local/share/bastille/stop.sh | 2 +-
| 1 file changed, 1 insertion(+), 1 deletion(-)
|
|diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
|index d61d7ed6..6c4b7c1d 100644
|--- a/usr/local/share/bastille/stop.sh
|+++ b/usr/local/share/bastille/stop.sh
--------------------------
Patching file stop.sh using Plan A...
Hunk #1 succeeded at 52.
done
root@deblndw013x:/usr/local/share/bastille
# bastille restart deblndw013x2j
[deblndw013x2j]:
deblndw013x2j: removed

[deblndw013x2j]:
e0a_bastille3
e0b_bastille3
deblndw013x2j: created

@michael-o
Contributor

@bmac2 Can you merge this one as well?
