Firewall initscript: Restore Tor IPTable rules by manual firewall restart

If the firewall will be manually restart via '/etc/init.d/firewall restart',
the IPTable rules for the Tor relay will be deleted since 'iptables_init' only
flushes and creates inbound and unbound chains for Tor but does not restore the
ruleset from Tor initscript.

For reference and tests please see -->
https://community.ipfire.org/t/tor-stop-working-without-stop-the-process-or-give-an-error-message/10697

Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index 50f2b3e029cfb833bfb4bff09ca783f0273b4af2..3aab7dd754081ae54db60c5e302e047e60d55662 100644 (file)
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -25,6 +25,9 @@
 eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+if [ -r "/var/ipfire/tor/settings"  ]; then
+       eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
+fi
 IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
 if [ -z $IFACE ]; then
        IFACE="red0"
@@ -387,6 +390,11 @@ iptables_init() {
        # run captivectrl
        /usr/local/bin/captivectrl
 
+       # If a Tor relay is enabled apply firewall rules
+       if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+               /usr/local/bin/torctrl restart 1> /dev/null
+       fi
+
        # POLICY CHAIN
        iptables -N POLICYIN
        iptables -A INPUT -j POLICYIN