#!/bin/sh
-########################################################################
-# Begin $rc_base/init.d/tor
-#
-# Description : Anonymizing overlay network for TCP
-#
-########################################################################
+###############################################################################
+# #
+# IPFire.org - A linux based firewall #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
+# #
+# This program is free software: you can redistribute it and/or modify #
+# it under the terms of the GNU General Public License as published by #
+# the Free Software Foundation, either version 3 of the License, or #
+# (at your option) any later version. #
+# #
+# This program is distributed in the hope that it will be useful, #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
+# GNU General Public License for more details. #
+# #
+# You should have received a copy of the GNU General Public License #
+# along with this program. If not, see <http://www.gnu.org/licenses/>. #
+# #
+###############################################################################
. /etc/sysconfig/rc
. ${rc_functions}
# Flush all rules.
flush_firewall
+ # Allow incoming traffic to Tor relay (and directory) port and
+ # all outgoing TCP connections from Tor user.
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+ iptables -A TOR_OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
fi
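Review bot: The new `TOR_OUTPUT` rule is inside the relay-only `if`, so it is only installed when `TOR_RELAY_ENABLED` is `on` and `TOR_RELAY_PORT` is non-empty; a client-only Tor (or a relay configured without a port) gets no outgoing allowance from this script, which contradicts the added comment "all outgoing TCP connections from Tor user". If gating on relay mode is intended, the comment should say so, e.g. `# In relay mode, allow incoming traffic to the relay port and all outgoing TCP from the tor user.`; if not, the `-m owner` line belongs before the `if`. Note also that `--uid-owner tor` is resolved by name at insertion time, so the rule (and thus the whole start) fails if the `tor` account does not exist yet, and that the rule accepts every outbound TCP destination for that uid rather than only the ORPort/DirPort peers, which is presumably acceptable for a relay but worth stating in the comment.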
if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_DIRPORT}" ] && [ "${TOR_RELAY_DIRPORT}" -ne 0 ]; then
function flush_firewall() {
# Flush all rules.
iptables -F TOR_INPUT
+ iptables -F TOR_OUTPUT
}
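Review bot: `iptables -F TOR_OUTPUT` assumes the chain already exists; if the main firewall has not created it when this script runs, the flush errors out unchecked and the later `-A TOR_OUTPUT` in the start path fails the same way, silently leaving the relay without an output rule. Either make the owner of the chains explicit in a comment, e.g. `# Both chains are created by the main firewall script; flushing an absent chain fails.`, or check the return code and bail, e.g. `iptables -F TOR_OUTPUT || return 1`. The `function` keyword on the existing definition line is a bashism under `#!/bin/sh`; since this hunk touches the function anyway, `flush_firewall() {` is the portable spelling.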
case "${1}" in
exit 1
;;
esac
-
-# End $rc_base/init.d/tor