Make RDR rules persistent between bastille restarts.

usr/local/share/bastille/start.sh

@@ -86,6 +86,13 @@ for _jail in ${JAILS}; do
             done < "${bastille_jailsdir}/${_jail}/rctl.conf"
         fi
 
+        ## add rdr rules
+        if [ -s "${bastille_jailsdir}/${_jail}/rdr.conf" ]; then
+            while read _rules; do
+                bastille rdr "${_jail}" ${_rules}
+            done < "${bastille_jailsdir}/${_jail}/rdr.conf"
+        fi
+
         ## add ip4.addr to firewall table:jails
         if [ -n "${bastille_network_loopback}" ]; then
             if grep -qw "interface.*=.*${bastille_network_loopback}" "${bastille_jailsdir}/${_jail}/jail.conf"; then

usr/local/share/bastille/template.sh

@@ -35,6 +35,20 @@ bastille_usage() {
     error_exit "Usage: bastille template TARGET project/template"
 }
 
+post_command_hook() {
+    _jail=$1
+    _cmd=$2
+    _args=$3
+
+    case $_cmd in
+        rdr)
+            if ! grep -qs "${_args}" "${bastille_jailsdir}/${_jail}/rdr.conf"; then
+                echo "${_args}" >> "${bastille_jailsdir}/${_jail}/rdr.conf"
+            fi
+            echo -e ${_args}
+    esac
+}
+
 # Handle special-case commands first.
 case "$1" in
 help|-h|--help)
@@ -140,6 +154,8 @@ for _jail in ${JAILS}; do
                 unset IFS
                 error_exit "Failed to execute command: ${_cmd}"
             fi
+
+            post_command_hook "${_jail}" "${_cmd}" "${_args}"
         done
         set +f
         unset IFS