###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2013-2019 IPFire Team <info@ipfire.org> #
+# Copyright (C) 2007-2023 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
###############################################################################
use strict;
-use Locale::Codes::Country;
# enable only the following on debugging purpose
#use warnings;
our %color = ();
our %mainsettings = ();
&General::readhash("${General::swroot}/main/settings", \%mainsettings);
-&General::readhash("/srv/web/ipfire/html/themes/".$mainsettings{'THEME'}."/include/colors.txt", \%color);
+&General::readhash("/srv/web/ipfire/html/themes/ipfire/include/colors.txt", \%color);
our %settings = ();
$settings{'TOR_SOCKS_PORT'} = 9050;
$settings{'TOR_EXIT_COUNTRY'} = '';
$settings{'TOR_USE_EXIT_NODES'} = '';
+$settings{'TOR_GUARD_COUNTRY'} = '';
+$settings{'TOR_USE_GUARD_NODES'} = '';
$settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}";
if (&Header::blue_used()) {
$settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}";
}
}
+ @temp = split(/[\n,]/,$settings{'TOR_USE_GUARD_NODES'});
+ $settings{'TOR_USE_GUARD_NODES'} = "";
+ foreach (@temp) {
+ s/^\s+//g; s/\s+$//g;
+ if ($_) {
+ $settings{'TOR_USE_GUARD_NODES'} .= $_.",";
+ }
+ }
+
# Burst bandwidth must be less or equal to bandwidth rate.
if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) {
$settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0;
@temp = split(",", $settings{'TOR_USE_EXIT_NODES'});
$settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp);
+ @temp = split(",", $settings{'TOR_USE_GUARD_NODES'});
+ $settings{'TOR_USE_GUARD_NODES'} = join("\n", @temp);
+
print <<END;
<br>
<br>
</tr>
</table>
- <br>
- <br>
+ <br />
+ <br />
+
+ <table width='95%'>
+ <tr>
+ <td colspan='4' class='base' bgcolor='$color{'color20'}'><b>$Lang::tr{'tor guard nodes'}</b></td>
+ </tr>
+ <tr>
+ <td colspan='2' class='base' width='55%'></td>
+ <td colspan='2' class='base' width='45%'>$Lang::tr{'tor use guard nodes'}:</td>
+ </tr>
+ <tr>
+ <td width='50%' colspan='2'>
+ <select name='TOR_GUARD_COUNTRY' multiple='multiple'>
+ <option value=''>- $Lang::tr{'tor guard country any'} -</option>
+END
+
+ # Convert Guard country strings into lists to make comparison easier
+ my @guard_countries;
+ if ($settings{'TOR_GUARD_COUNTRY'} ne '') {
+ @guard_countries = split(/\|/, $settings{'TOR_GUARD_COUNTRY'});
+ }
+
+ my @country_codes = &Location::Functions::get_locations("no_special_locations");
+ foreach my $country_code (@country_codes) {
+ # Convert country code into upper case format.
+ $country_code = uc($country_code);
+
+ # Get country name.
+ my $country_name = &Location::Functions::get_full_country_name($country_code);
+
+ print "<option value='$country_code'";
+
+ if ($settings{'TOR_GUARD_COUNTRY'} ne '') {
+ print " selected" if grep /$country_code/, @guard_countries;
+ }
+
+ print ">$country_name ($country_code)</option>\n";
+ }
+
+ print <<END;
+ </select>
+ </td>
+ <td width='50%' colspan='2'>
+ <textarea name='TOR_USE_GUARD_NODES' cols='32' rows='3' wrap='off'>$settings{'TOR_USE_GUARD_NODES'}</textarea>
+ </td>
+ </tr>
+ </table>
+
+ <br />
+ <br />
<table width='95%'>
<tr>
</tr>
<tr>
<td width='50%' colspan='2'>
- <select name='TOR_EXIT_COUNTRY'>
+ <select name='TOR_EXIT_COUNTRY' multiple='multiple'>
<option value=''>- $Lang::tr{'tor exit country any'} -</option>
END
+ my @country_codes = &Location::Functions::get_locations("no_special_locations");
+
+ # Convert Exit country strings into lists to make comparison easier
+ my @exit_countries;
+ if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+ @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'});
+ }
- my @country_names = Locale::Codes::Country::all_country_names();
- foreach my $country_name (sort @country_names) {
- my $country_code = Locale::Codes::Country::country2code($country_name);
+ foreach my $country_code (@country_codes) {
+ # Convert country code into upper case format.
$country_code = uc($country_code);
+
+ # Get country name.
+ my $country_name = &Location::Functions::get_full_country_name($country_code);
+
print "<option value='$country_code'";
- if ($settings{'TOR_EXIT_COUNTRY'} eq $country_code) {
- print " selected";
+ if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
+ print " selected" if grep /$country_code/, @exit_countries;
}
print ">$country_name ($country_code)</option>\n";
open(FILE, ">$torrc");
# Global settings.
+ print FILE "Sandbox 1\n";
+ print FILE "HardwareAccel 1\n";
+ print FILE "ClientUseIPv6 0\n";
print FILE "ControlPort $TOR_CONTROL_PORT\n";
if ($settings{'TOR_ENABLED'} eq 'on') {
}
print FILE "SocksPolicy reject *\n" if (@subnets);
+ if ($settings{'TOR_GUARD_COUNTRY'} ne '') {
+ $strict_nodes = 1;
+ my $countrylist;
+
+ for my $singlecountry (split(/\|/, $settings{'TOR_GUARD_COUNTRY'})) {
+ if ($countrylist eq '') {
+ $countrylist = "{" . lc $singlecountry . "}";
+ } else {
+ $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}";
+ }
+ }
+
+ print FILE "EntryNodes $countrylist\n";
+ }
+
+ if ($settings{'TOR_USE_GUARD_NODES'} ne '') {
+ $strict_nodes = 1;
+
+ my @nodes = split(",", $settings{'TOR_USE_GUARD_NODES'});
+ foreach (@nodes) {
+ print FILE "EntryNode $_\n";
+ }
+ }
+
if ($settings{'TOR_EXIT_COUNTRY'} ne '') {
$strict_nodes = 1;
+ my $countrylist;
- print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n";
+ for my $singlecountry (split(/\|/, $settings{'TOR_EXIT_COUNTRY'})) {
+ if ($countrylist eq '') {
+ $countrylist = "{" . lc $singlecountry . "}";
+ } else {
+ $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}";
+ }
+ }
+
+ print FILE "ExitNodes $countrylist\n";
}
if ($settings{'TOR_USE_EXIT_NODES'} ne '') {
my @nodes = split(",", $settings{'TOR_USE_EXIT_NODES'});
foreach (@nodes) {
- print FILE "ExitNode $_\n";
+ print FILE "ExitNodes $_\n";
}
}
if ($strict_nodes > 0) {
print FILE "StrictNodes 1\n";
}
- }
+ } else {
+ print FILE "SocksPort 0\n";
+ }
if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
# Reject access to private networks.
print FILE "ExitPolicyRejectPrivate 1\n";
- print FILE "ORPort $settings{'TOR_RELAY_PORT'}\n";
+ print FILE "ORPort $settings{'TOR_RELAY_PORT'} IPv4Only\n";
if ($settings{'TOR_RELAY_DIRPORT'} ne '0') {
- print FILE "DirPort $settings{'TOR_RELAY_DIRPORT'}\n";
+ print FILE "DirPort $settings{'TOR_RELAY_DIRPORT'} IPv4Only\n";
}
if ($settings{'TOR_RELAY_ADDRESS'} ne '') {
# Restart the service.
if (($settings{'TOR_ENABLED'} eq 'on') || ($settings{'TOR_RELAY_ENABLED'} eq 'on')) {
- system("/usr/local/bin/torctrl restart &>/dev/null");
+ &General::system("/usr/local/bin/torctrl", "restart");
} else {
- system("/usr/local/bin/torctrl stop &>/dev/null");
+ &General::system("/usr/local/bin/torctrl", "stop");
}
# Update pid and memory
daemonstats();
$node->{'address'} = $3;
$node->{'port'} = $4;
- my $country_code = &TorGetInfo($tor, "ip-to-country/$node->{'address'}");
+ my $country_code = &Location::Functions::lookup_country_code($node->{'address'});
$node->{'country_code'} = $country_code;
# Flags