From aa17f5c4f91a1bc3779d86fe616c92f7823e858b Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 10 Dec 2024 14:51:29 -0700
Subject: [PATCH 1/4] Fix pfctl being invoked when NAT is not used + change ip var to ip4 for future ip6 implementation

---
 usr/local/share/bastille/stop.sh | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index a3a8dfbe..ade6f9a6 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -52,10 +52,10 @@ for _jail in ${JAILS}; do
 ## test if running
 if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
 ## Capture ip4.addr address while still running
- _ip="$(/usr/sbin/jls -j ${_jail} ip4.addr)"
+ _ip4="$( bastille config ${_jail} get ip4.addr )"
 # Check if pfctl is present
- if which -s pfctl; then
+ if [ which -s pfctl ] && [ "${_ip4}" != "not set" ]; then
 if [ "$(bastille rdr ${_jail} list)" ]; then
 bastille rdr ${_jail} clear
 fi
@@ -73,9 +73,9 @@ for _jail in ${JAILS}; do
 jail -f "${bastille_jailsdir}/${_jail}/jail.conf" -r "${_jail}"
 ## remove (captured above) ip4.addr from firewall table
- if [ -n "${bastille_network_loopback}" -a ! -z "${_ip}" ]; then
+ if [ -n "${bastille_network_loopback}" ] && [ "${_ip4}" != "not set" ]; then
 if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then
- pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip}"
+ pfctl -q -t "${bastille_network_pf_table}" -T delete "${_ip4}"
 fi
 fi
 fi

From 42a5a38334229def87a0e02018607a57d4052765 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 10 Dec 2024 14:59:02 -0700
Subject: [PATCH 2/4] fix start.sh also

---
 usr/local/share/bastille/start.sh | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

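Review bot: The new condition `[ which -s pfctl ]` on the changed `if` line is a test expression, not a command: `[` receives the words `which`, `-s` and `pfctl`, reports a binary-operator error and returns false, so the rdr cleanup below it never runs at this commit (patch 3/4 of this series drops the check, so the defect only matters for a bisect landing here). The `"not set"` comparison also assumes `bastille config … get` prints exactly that sentinel for a missing key; if it prints nothing instead, an empty value passes the guard and reaches the pf calls. `bastille config ${_jail} get ip4.addr` leaves `${_jail}` unquoted where the start.sh hunk quotes it; `"${_jail}"` keeps the two scripts consistent. The enclosing `for` loop and the `if` that tests whether the jail is running both continue outside the hunk.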
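Review bot: The rewritten guard on the `if` line drops the old `! -z "${_ip}"` emptiness check, so an empty `_ip4` (for example `bastille config` failing or printing nothing rather than `not set`) now reaches `pfctl … -T delete ""`; keeping both checks, `if [ -n "${bastille_network_loopback}" ] && [ -n "${_ip4}" ] && [ "${_ip4}" != "not set" ]; then`, preserves the earlier behaviour. Note also that `_ip4` is now the value from jail.conf rather than the address `jls` reported for the running jail, so the entry removed is whatever string the config holds; that matches what the start.sh hunk adds, but any difference between configured and runtime form (presumably CIDR or interface-qualified syntax) would leave the old entry in the table. The `if` and loop this sits in start before the hunk.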
diff --git a/usr/local/share/bastille/start.sh b/usr/local/share/bastille/start.sh
index f9e5a180..2eeb9e49 100644
--- a/usr/local/share/bastille/start.sh
+++ b/usr/local/share/bastille/start.sh
@@ -79,14 +79,14 @@ for _jail in ${JAILS}; do
 fi
 ## warn if matching configured (but not online) ip4.addr, ignore if there's no ip4.addr entry
- ip=$(bastille config "${_jail}" get ip4.addr)
- if [ -n "${ip}" ]; then
- if ifconfig | grep -wF "${ip}" >/dev/null; then
- error_notify "Error: IP address (${ip}) already in use."
+ _ip4=$(bastille config "${_jail}" get ip4.addr)
+ if [ "${_ip4}" != "not set" ]; then
+ if ifconfig | grep -wF "${_ip4}" >/dev/null; then
+ error_notify "Error: IP address (${_ip4}) already in use."
 continue
 fi
 ## add ip4.addr to firewall table
- pfctl -q -t "${bastille_network_pf_table}" -T add "${ip}"
+ pfctl -q -t "${bastille_network_pf_table}" -T add "${_ip4}"
 fi
 ## start the container

From 2a8a0702516be30f90024bbe0d21aad456a50639 Mon Sep 17 00:00:00 2001
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 10 Dec 2024 15:04:27 -0700
Subject: [PATCH 3/4] remove "which pfctl"

We assume that if the jail has an ip4.addr value, then pfctl is obviously installed. It is also not invoked by start, so stop should not need it either.
---
 usr/local/share/bastille/stop.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index ade6f9a6..d61d7ed6 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -55,7 +55,7 @@ for _jail in ${JAILS}; do
 _ip4="$( bastille config ${_jail} get ip4.addr )"
 # Check if pfctl is present
- if [ which -s pfctl ] && [ "${_ip4}" != "not set" ]; then
+ if [ "${_ip4}" != "not set" ]; then
 if [ "$(bastille rdr ${_jail} list)" ]; then
 bastille rdr ${_jail} clear
 fi

From 108227f72ee977d2cd7df1096caf72db23718675 Mon Sep 17 00:00:00 2001
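Review bot: Replacing `-n "${ip}"` with `"${_ip4}" != "not set"` on the changed `if` line removes the empty-value guard: if `bastille config` exits non-zero or prints nothing, `_ip4` is empty, `grep -wF ""` can match lines on several grep implementations and raise a spurious "already in use" error, and otherwise `pfctl … -T add ""` runs. `if [ -n "${_ip4}" ] && [ "${_ip4}" != "not set" ]; then` covers both the empty and the sentinel case. The `pfctl -T add` line's exit status is still unchecked, so a failed table insert lets the jail start without its firewall entry; `|| error_notify "Error: could not add ${_ip4} to ${bastille_network_pf_table}"` would at least surface it (whether `error_notify` also skips the start depends on its definition outside this hunk). The enclosing loop starts before the hunk.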
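Review bot: The comment `# Check if pfctl is present` just above the changed `if` line is now stale, since the condition no longer checks for pfctl at all; `# Only touch pf (rdr rules, table entry) when the jail has an ip4.addr` describes what the guard does now. Dropping the check is sound in itself, because the previous `[ which -s pfctl ]` was a test expression that always failed. As the commit message notes, pfctl availability is assumed rather than verified, so on a host where pf is not enabled the `bastille rdr` and `pfctl` calls inside this block will presumably fail for any jail with an ip4.addr; if that is acceptable it is worth stating in the comment. The enclosing `if` and `for` continue outside the hunk.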
From: tschettervictor <85497460+tschettervictor@users.noreply.github.com>
Date: Tue, 10 Dec 2024 15:07:29 -0700
Subject: [PATCH 4/4] remove padding

---
 usr/local/share/bastille/stop.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr/local/share/bastille/stop.sh b/usr/local/share/bastille/stop.sh
index d61d7ed6..6c4b7c1d 100644
--- a/usr/local/share/bastille/stop.sh
+++ b/usr/local/share/bastille/stop.sh
@@ -52,7 +52,7 @@ for _jail in ${JAILS}; do
 ## test if running
 if [ "$(/usr/sbin/jls name | awk "/^${_jail}$/")" ]; then
 ## Capture ip4.addr address while still running
- _ip4="$( bastille config ${_jail} get ip4.addr )"
+ _ip4="$(bastille config ${_jail} get ip4.addr)"
 # Check if pfctl is present
 if [ "${_ip4}" != "not set" ]; then