Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RDR Improvements: Allow TO/FROM+INTERACE+IP STACK #765

Open
wants to merge 81 commits into
base: master
Choose a base branch
from
Open

RDR Improvements: Allow TO/FROM+INTERACE+IP STACK #765

wants to merge 81 commits into from

Conversation

tschettervictor
Copy link
Collaborator

@tschettervictor tschettervictor commented Dec 10, 2024
edited
Loading

I've reconstructed much of the rdr.sh to allow users to set TO/FROM and also the interface.
Old command of bastille rdr jail tcp 8000 80 still functions as it should and will use the default interface and any to any when creating the rules. Major differences are

  • you can now set which interface the rule is created on with -i em0 or any specified interface
  • if you want to limit the rdr rule to a certain source, use -s 134.234.67.34
  • if you have multiple IPs on an interface, you can choose to redirect to only one using -d 192.168.1.45
  • -t is also available if you want to specifically load a rule doing ip4/6 -t ipv4 or -t ipv6. The default will use both, or 'dual'

Error checking is also in place, and testers are welcome.
I will continue to update this PR with the docs and usage commands if users find this helpful.

@tschettervictor tschettervictor mentioned this pull request Dec 10, 2024
Open
@tschettervictor tschettervictor mentioned this pull request Dec 11, 2024
Open
@tschettervictor tschettervictor changed the title RDR allow setting interface when publishing ports RDR Improvements: Allow TO/FROM+INTERACE Dec 11, 2024
@tschettervictor
Copy link
Collaborator Author

I've reconstructed much of the rdr.sh to allow users to set TO/FROM and also the interface.
Old command of bastille rdr jail tcp 8000 80 still functions as it should and will use the default interface and any to any when creating the rules. Major differences are

  • you can now set which interface the rule is created on with -i em0 or any specified interface
  • if you want to limit the rdr rule to a certain source, use -s 134.234.67.34
  • if you have multiple IPs on an interface, you can choose to redirect to only one using -d 192.168.1.45

Error checking is also in place, and testers are welcome.
I will continue to update this PR with the docs and usage commands if users find this helpful.

#707
#673
#664
#654
#644
#402

This was referenced Dec 11, 2024
Open
Open
@tschettervictor
Copy link
Collaborator Author

RDR will now show errors for any rule that failed to create.
It also will now print better info when redirecting IPv4/6 rules.

@tschettervictor
Copy link
Collaborator Author

@yaazkal @bmac2 I think this should do it. Can I request a review?

This PR allows very high functionality and would allow us to close many issues and PRs.

And I've tested most if not all combinations of options and made sure error catching is good as well as IPv4 and IPv6 handling.

Thanks

@bmac2
Copy link
Collaborator

bmac2 commented Dec 17, 2024

@tschettervictor this one has conflicts. I was going to start testing but need it cleanedup then I will start testing.

@tschettervictor
Copy link
Collaborator Author

Done.

@tschettervictor tschettervictor mentioned this pull request Dec 21, 2024
Open
@tschettervictor
Copy link
Collaborator Author

Any testers for this one?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tschettervictor @bmac2