[people/pmueller/ipfire-2.x.git] / src / initscripts / packages / tor

#!/bin/sh
###############################################################################
#                                                                             #
# IPFire.org - A linux based firewall                                         #
# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
#                                                                             #
# This program is free software: you can redistribute it and/or modify        #
# it under the terms of the GNU General Public License as published by        #
# the Free Software Foundation, either version 3 of the License, or           #
# (at your option) any later version.                                         #
#                                                                             #
# This program is distributed in the hope that it will be useful,             #
# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
# GNU General Public License for more details.                                #
#                                                                             #
# You should have received a copy of the GNU General Public License           #
# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
#                                                                             #
###############################################################################

. /etc/sysconfig/rc
. ${rc_functions}

FILEDESCRIPTORS="65535"

eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)

function tor_is_enabled() {
	[ "${TOR_ENABLED}" = "on" ] || [ "${TOR_RELAY_ENABLED}" = "on" ]
}

function setup_firewall() {
	# Flush all rules.
	flush_firewall

	# Allow incoming traffic to Tor relay (and directory) port and
	# all outgoing TCP connections from Tor user.
	if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
		iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
		iptables -A TOR_OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
	fi

	if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_DIRPORT}" ] && [ "${TOR_RELAY_DIRPORT}" -ne 0 ]; then
		iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_DIRPORT}" -j ACCEPT
	fi
}

function flush_firewall() {
	# Flush all rules.
	iptables -F TOR_INPUT
	iptables -F TOR_OUTPUT
}

case "${1}" in
	start)
		tor_is_enabled || exit 0

		# Setup firewall.
		setup_firewall

		# Increasing open file descriptors.
		if [ -n "${FILEDESCRIPTORS}" ]; then
			ulimit -n "${FILEDESCRIPTORS}"
		fi

		boot_mesg "Starting tor..."
		loadproc /usr/bin/tor \
			--runasdaemon 1 \
			--defaults-torrc /usr/share/tor/defaults-torrc \
			-f /etc/tor/torrc \
			--quiet
		;;

	stop)
		# Flush firewall.
		flush_firewall

		boot_mesg "Stopping tor..."
		killproc /usr/bin/tor
		;;

	reload)
		# Setup firewall.
		setup_firewall

		boot_mesg "Reloading tor..."
		reloadproc /usr/bin/tor
		;;

	restart)
		${0} stop
		sleep 1
		${0} start
		;;

	reload-or-restart)
		# Reload the process if it is already running. Otherwise, restart.
		if pidofproc -s /usr/bin/tor; then
			$0 reload
		else
			$0 restart
		fi
		;;

	status)
		statusproc /usr/bin/tor
		;;

	*)
		echo "Usage: ${0} {start|stop|reload|restart|reload-or-restart|status}"
		exit 1
		;;
esac
Commit	Line	Data
b312967c	1	#!/bin/sh
66c36198 PM	2	###############################################################################
	3	# #
	4	# IPFire.org - A linux based firewall #
	5	# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
	6	# #
	7	# This program is free software: you can redistribute it and/or modify #
	8	# it under the terms of the GNU General Public License as published by #
	9	# the Free Software Foundation, either version 3 of the License, or #
	10	# (at your option) any later version. #
	11	# #
	12	# This program is distributed in the hope that it will be useful, #
	13	# but WITHOUT ANY WARRANTY; without even the implied warranty of #
	14	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the #
	15	# GNU General Public License for more details. #
	16	# #
	17	# You should have received a copy of the GNU General Public License #
	18	# along with this program. If not, see <http://www.gnu.org/licenses/>. #
	19	# #
	20	###############################################################################
b312967c MT	21
	22	. /etc/sysconfig/rc
	23	. ${rc_functions}
	24
6adacba0 MT	25	FILEDESCRIPTORS="65535"
6adacba0 MT	26
dea39917 MT	27	eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
dea39917 MT	28
3765eb61 MT	29	function tor_is_enabled() {
	30	[ "${TOR_ENABLED}" = "on" ] \|\| [ "${TOR_RELAY_ENABLED}" = "on" ]
	31	}
	32
c60301c0	33	function setup_firewall() {
c60301c0 MT	34	# Flush all rules.
	35	flush_firewall
	36
5fc5f703 PM	37	# Allow incoming traffic to Tor relay (and directory) port and
5fc5f703 PM	38	# all outgoing TCP connections from Tor user.
c60301c0 MT	39	if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
c60301c0 MT	40	iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
5fc5f703	41	iptables -A TOR_OUTPUT -p tcp -m owner --uid-owner tor -j ACCEPT
c60301c0	42	fi
e122dd63 JPT	43
	44	if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_DIRPORT}" ] && [ "${TOR_RELAY_DIRPORT}" -ne 0 ]; then
	45	iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_DIRPORT}" -j ACCEPT
	46	fi
c60301c0 MT	47	}
	48
	49	function flush_firewall() {
	50	# Flush all rules.
	51	iptables -F TOR_INPUT
5fc5f703	52	iptables -F TOR_OUTPUT
c60301c0 MT	53	}
c60301c0 MT	54
b312967c MT	55	case "${1}" in
b312967c MT	56	start)
3765eb61 MT	57	tor_is_enabled \|\| exit 0
3765eb61 MT	58
c60301c0 MT	59	# Setup firewall.
	60	setup_firewall
	61
6adacba0 MT	62	# Increasing open file descriptors.
	63	if [ -n "${FILEDESCRIPTORS}" ]; then
	64	ulimit -n "${FILEDESCRIPTORS}"
	65	fi
	66
b312967c MT	67	boot_mesg "Starting tor..."
	68	loadproc /usr/bin/tor \
	69	--runasdaemon 1 \
	70	--defaults-torrc /usr/share/tor/defaults-torrc \
	71	-f /etc/tor/torrc \
	72	--quiet
	73	;;
	74
	75	stop)
c60301c0 MT	76	# Flush firewall.
	77	flush_firewall
	78
b312967c MT	79	boot_mesg "Stopping tor..."
	80	killproc /usr/bin/tor
	81	;;
	82
	83	reload)
c60301c0 MT	84	# Setup firewall.
	85	setup_firewall
	86
b312967c MT	87	boot_mesg "Reloading tor..."
	88	reloadproc /usr/bin/tor
	89	;;
	90
	91	restart)
	92	${0} stop
	93	sleep 1
	94	${0} start
	95	;;
	96
27cb7805 MT	97	reload-or-restart)
	98	# Reload the process if it is already running. Otherwise, restart.
	99	if pidofproc -s /usr/bin/tor; then
	100	$0 reload
	101	else
	102	$0 restart
	103	fi
	104	;;
	105
b312967c MT	106	status)
	107	statusproc /usr/bin/tor
	108	;;
	109
	110	*)
27cb7805	111	echo "Usage: ${0} {start\|stop\|reload\|restart\|reload-or-restart\|status}"
b312967c MT	112	exit 1
	113	;;
	114	esac