Use mdoc(7) instead of markdown #6
2
bkctld
2
bkctld
|
@ -33,7 +33,7 @@ case "${subcommand}" in
|
||||||
"key" | "port" | "ip")
|
"key" | "port" | "ip")
|
||||||
"${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
|
"${LIBDIR}/bkctld-${subcommand}" "${jail}" "${option}"
|
||||||
;;
|
;;
|
||||||
"start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove")
|
"start" | "stop" | "reload" | "restart" | "sync" | "update" | "remove" | "firewall")
|
||||||
if [ "${jail}" = "all" ]; then
|
if [ "${jail}" = "all" ]; then
|
||||||
ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
|
ls "${JAILDIR}"|xargs --no-run-if-empty --max-args=1 --max-procs=0 "${LIBDIR}/bkctld-${subcommand}"
|
||||||
else
|
else
|
||||||
|
|
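Review bot: Adding `"firewall"` to this arm sends `bkctld firewall all` through the `xargs --max-args=1 --max-procs=0` line, so one `bkctld-firewall` process per jail runs at the same time. Each of them runs `sed -i` on the same `${FIREWALL_RULES}` file, appends to it and restarts minifirewall. Because `sed -i` replaces the file, lines appended by a parallel run can be lost, leaving the ACCEPT rule set incomplete or reloaded half-written. Serialise this subcommand, for example with its own arm using `--max-procs=1`, or take a lock (`flock`) around the edit-and-restart in `lib/bkctld-firewall`. The `case` statement starts and ends outside the hunk.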
18
lib/bkctld-firewall
Executable file
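--- a/lib/bkctld-firewall
+++ b/lib/bkctld-firewall
@@ -0,0 +1,18 @@
+#!/bin/sh
+
+LIBDIR="$(dirname $0)" && . "${LIBDIR}/config"
+
+jail="${1:-}"
+[ -n "${jail}" ] || usage
+
+if [ -n "${FIREWALL_RULES}" ]; then
+[ -f "${FIREWALL_RULES}" ] && sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
+if ( check_jail "${jail}" ); then
+port=$("${LIBDIR}/bkctld-port" "${jail}")
+for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
+echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
+done
+[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null
+fi
+notice "${jail} : firewall rules updated"
+fi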
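Review bot: `${jail}` reaches the sed address `/#${jail}$/d` and the rule line appended to `${FIREWALL_RULES}` without validation, and the sed runs before `check_jail`. A name containing regex metacharacters (a `.` matches any character) or a `/` can delete another jail's rules or make sed fail. The rules file holds `/sbin/iptables …` command lines and is presumably executed as shell by minifirewall, so `${jail}`, `${port}` and `${ip}` should be limited to a safe alphabet before they are written. A guard right after the usage check would cover the jail name, e.g. `case "${jail}" in *[!A-Za-z0-9_.-]*) usage ;; esac` (adjust to the names the project allows) together with escaping the name for sed. Also quote `$0` in `$(dirname "$0")`.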
@ -23,8 +23,7 @@ else
|
||||||
allow="${allow} root@${ip}"
|
allow="${allow} root@${ip}"
|
||||||
done
|
done
|
||||||
sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
sed -i "s~^AllowUsers .*~${allow}~" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
||||||
set_firewall "${jail}"
|
|
||||||
notice "${jail} : update ip => ${ip}"
|
notice "${jail} : update ip => ${ip}"
|
||||||
|
|
||||||
check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
|
check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"
|
||||||
|
"${LIBDIR}/bkctld-firewall" "${jail}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -16,8 +16,7 @@ else
|
||||||
[ "${port}" -le 1 ] && port=2222
|
[ "${port}" -le 1 ] && port=2222
|
||||||
fi
|
fi
|
||||||
sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
sed -i "s/^Port .*/Port ${port}/" "${JAILDIR}/$jail/${SSHD_CONFIG}"
|
||||||
set_firewall "${jail}"
|
|
||||||
notice "${jail} : update port => ${port}"
|
notice "${jail} : update port => ${port}"
|
||||||
|
|
||||||
check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
|
check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"
|
||||||
|
"${LIBDIR}/bkctld-firewall" "${jail}"
|
||||||
fi
|
fi
|
||||||
|
|
|
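Review bot: The new `"${LIBDIR}/bkctld-firewall" "${jail}"` call sits after `check_jail_on "${jail}" && . "${LIBDIR}/bkctld-reload" "${jail}"`, which sources the reload script instead of executing it. If that script calls `exit` (its body is not visible here), this script ends there and the firewall rule for the new port is never written. Arguments to `.` are also not reliably passed under a POSIX `sh`. The removed `set_firewall` call ran before the reload, so it was not exposed to this. Executing the script as the `@ -23,8 +23,7 @@` hunk does, `check_jail_on "${jail}" && "${LIBDIR}/bkctld-reload" "${jail}"`, keeps the firewall step reachable. The enclosing `if`/`else` starts outside the hunk.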
@ -26,5 +26,5 @@ if [ -d "${INCDIR}/${jail}" ]; then
|
||||||
done
|
done
|
||||||
rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
|
rmdir --ignore-fail-on-non-empty "${INCDIR}/${jail}" | debug
|
||||||
fi
|
fi
|
||||||
set_firewall "${jail}"
|
"${LIBDIR}/bkctld-firewall" "${jail}"
|
||||||
notice "${jail} : deleted jail"
|
notice "${jail} : deleted jail"
|
||||||
|
|
|
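Review bot: On this removal path `bkctld-firewall` deletes the jail's lines from `${FIREWALL_RULES}`, but it restarts minifirewall only inside its `check_jail` branch, which presumably fails once the jail is gone. The ACCEPT rules for the deleted jail's port and source addresses would then stay loaded in the running firewall until some unrelated restart. The removed `set_firewall` had the same shape, so this is carried over rather than introduced, but it is worth fixing while the code moves. Either hoist the `[ -f /etc/init.d/minifirewall ] && /etc/init.d/minifirewall restart >/dev/null` line out of the `check_jail` block in `lib/bkctld-firewall`, or restart the firewall here after the call. The script continues outside the hunk.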
@ -12,6 +12,7 @@ Subcommands:
|
||||||
reload <jailname>|all Reload jail <jailname> or all
|
reload <jailname>|all Reload jail <jailname> or all
|
||||||
restart <jailname>|all Restart jail <jailname> or all
|
restart <jailname>|all Restart jail <jailname> or all
|
||||||
sync <jailname>|all Sync jail <jailname> or all to another node
|
sync <jailname>|all Sync jail <jailname> or all to another node
|
||||||
|
firewall <jailname>|all Update firewall rules of <jailname> or all
|
||||||
status [<jailname>] Print status of <jailname> (default all jail)
|
status [<jailname>] Print status of <jailname> (default all jail)
|
||||||
key <jailname> [<keyfile>] Set or get ssh pubic key of <jailname>
|
key <jailname> [<keyfile>] Set or get ssh pubic key of <jailname>
|
||||||
port <jailname> [<port>|auto] Set or get ssh port of <jailname>
|
port <jailname> [<port>|auto] Set or get ssh port of <jailname>
|
||||||
|
@ -56,21 +57,3 @@ get_inc() {
|
||||||
fi
|
fi
|
||||||
echo "${inc}"
|
echo "${inc}"
|
||||||
}
|
}
|
||||||
|
|
||||||
set_firewall() {
|
|
||||||
jail="${1}"
|
|
||||||
if [ -n "${FIREWALL_RULES}" ]; then
|
|
||||||
if [ -f "${FIREWALL_RULES}" ]; then
|
|
||||||
sed -i "/#${jail}$/d" "${FIREWALL_RULES}"
|
|
||||||
fi
|
|
||||||
if ( check_jail "${jail}" ); then
|
|
||||||
port=$("${LIBDIR}/bkctld-port" "${jail}")
|
|
||||||
for ip in $("${LIBDIR}/bkctld-ip" "${jail}"); do
|
|
||||||
echo "/sbin/iptables -A INPUT -p tcp --sport 1024: --dport ${port} -s ${ip} -j ACCEPT #${jail}" >> "${FIREWALL_RULES}"
|
|
||||||
done
|
|
||||||
if [ -f /etc/init.d/minifirewall ]; then
|
|
||||||
/etc/init.d/minifirewall restart >/dev/null
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|