From 6eaa806163a93eaea432aaa0966b4e5c5e4daae3 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Wed, 31 Jul 2013 12:52:40 +0200
Subject: [PATCH] tor: Add necessary firewall rules.

---
 src/initscripts/init.d/firewall | 7 +++++++
 src/initscripts/init.d/tor | 25 +++++++++++++++++++++++++
 2 files changed, 32 insertions(+)

diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall
index 12d8817019..e64b361098 100644
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -146,6 +146,13 @@ iptables_init() {
 /sbin/iptables -t nat -N IPSECNAT
 /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
+ # TOR
+ /sbin/iptables -N TOR_INPUT
+ /sbin/iptables -A INPUT -j TOR_INPUT
+
+ # Outgoing Firewall
+ /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
+
 # localhost and ethernet.
 /sbin/iptables -A INPUT -i $GREEN_DEV -m conntrack --ctstate NEW -j ACCEPT ! -p icmp
diff --git a/src/initscripts/init.d/tor b/src/initscripts/init.d/tor
index 82dab68bd9..d376178241 100644
--- a/src/initscripts/init.d/tor
+++ b/src/initscripts/init.d/tor
@@ -9,8 +9,27 @@
 . /etc/sysconfig/rc
 . ${rc_functions}
+function setup_firewall() {
+ eval $(readhash /var/ipfire/tor/settings)
+
+ # Flush all rules.
+ flush_firewall
+
+ if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+ iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+ fi
+}
+
+function flush_firewall() {
+ # Flush all rules.
+ iptables -F TOR_INPUT
+}
+
 case "${1}" in
 start)
+ # Setup firewall.
+ setup_firewall
+
 boot_mesg "Starting tor..."
 loadproc /usr/bin/tor \
 --runasdaemon 1 \
@@ -20,11 +39,17 @@ case "${1}" in
 ;;
 stop)
+ # Flush firewall.
+ flush_firewall
+
 boot_mesg "Stopping tor..."
 killproc /usr/bin/tor
 ;;
 reload)
+ # Setup firewall.
+ setup_firewall
+
 boot_mesg "Reloading tor..."
 reloadproc /usr/bin/tor
 ;;
--
2.39.5
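Review bot: The `/sbin/iptables -A FORWARD -j OUTGOINGFWMAC` line added in this hunk references a chain that is not created anywhere in the hunk and has nothing to do with the TOR_INPUT chain the commit title describes; unless an `-N OUTGOINGFWMAC` exists earlier in iptables_init (not visible here), iptables will reject that append with "No chain/target/match by that name", so either create the chain right above it or move the line to its own commit. A second point deserves a comment rather than code: iptables_init recreates TOR_INPUT empty, so whatever ACCEPT the tor initscript has placed there is gone after any firewall re-run until tor is reloaded — I would write `# TOR_INPUT is populated by the tor initscript; re-running this script empties it until tor is reloaded.` above the `-N TOR_INPUT` line. The jump is also attached to INPUT with no interface match and sits ahead of the zone-specific accept rules, so anything accepted inside TOR_INPUT is reachable from every zone, not only RED; that is presumably what a relay wants, but the comment should say so. iptables_init starts before this hunk.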
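Review bot: TOR_RELAY_PORT comes out of `eval $(readhash /var/ipfire/tor/settings)` and is passed straight to `--dport` after only a `-n` test, but `--dport` also accepts ranges, so a settings value like `1:65535` would open every TCP port on every interface through TOR_INPUT; validate it as a plain number before the `if`, e.g. `case "${TOR_RELAY_PORT}" in ''|*[!0-9]*) TOR_RELAY_PORT="" ;; esac`, and replace the deprecated `-a` with two `[ ]` tests joined by `&&`. Neither `iptables -A TOR_INPUT` nor `iptables -F TOR_INPUT` has its return code checked, and both fail if the firewall initscript has not yet created the chain, so the daemon is started with no rule in place and only an iptables error on the console; at least logging that failure would make the silent case visible. The eval also means the integrity of /var/ipfire/tor/settings is part of the firewall's trust boundary — that is the project's existing idiom, but worth a one-line comment above the eval. The `case` statement that `start)` belongs to continues past the end of the hunk.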