tor: Add necessary firewall rules.

author Michael Tremer <michael.tremer@ipfire.org>

Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)

committer Michael Tremer <michael.tremer@ipfire.org>

Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)
author Michael Tremer <michael.tremer@ipfire.org>
Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)
committer Michael Tremer <michael.tremer@ipfire.org>
Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)
diff --git a/src/initscripts/init.d/firewall b/src/initscripts/init.d/firewall

index 844618a304161639f8c571ef5a143cadcc728104..0237297e7014bbe9cd95c94931ae5edaef522f7a 100644 (file)
--- a/src/initscripts/init.d/firewall
+++ b/src/initscripts/init.d/firewall
@@ -188,6 +188,10 @@ case "$1" in
         /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
         /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
  
         /sbin/iptables -t nat -A POSTROUTING -j OVPNNAT
         /sbin/iptables -t nat -A POSTROUTING -j IPSECNAT
  
+       # TOR
+       /sbin/iptables -N TOR_INPUT
+       /sbin/iptables -A INPUT -j TOR_INPUT
+
         # Outgoing Firewall
         /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
  
         # Outgoing Firewall
         /sbin/iptables -A FORWARD -j OUTGOINGFWMAC
  
diff --git a/src/initscripts/init.d/tor b/src/initscripts/init.d/tor

index 82dab68bd9276487ca084f863973a1be12de8a86..d3761782410c9aed93cb8d3c0b910723553503cf 100644 (file)
--- a/src/initscripts/init.d/tor
+++ b/src/initscripts/init.d/tor
@@ -9,8 +9,27 @@
  . /etc/sysconfig/rc
  . ${rc_functions}
  
  . /etc/sysconfig/rc
  . ${rc_functions}
  
+function setup_firewall() {
+       eval $(readhash /var/ipfire/tor/settings)
+
+       # Flush all rules.
+       flush_firewall
+
+       if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+               iptables -A TOR_INPUT -p tcp --dport "${TOR_RELAY_PORT}" -j ACCEPT
+       fi
+}
+
+function flush_firewall() {
+       # Flush all rules.
+       iptables -F TOR_INPUT
+}
+
  case "${1}" in
         start)
  case "${1}" in
         start)
+               # Setup firewall.
+               setup_firewall
+
                 boot_mesg "Starting tor..."
                 loadproc /usr/bin/tor \
                         --runasdaemon 1 \
                 boot_mesg "Starting tor..."
                 loadproc /usr/bin/tor \
                         --runasdaemon 1 \
@@ -20,11 +39,17 @@ case "${1}" in
                 ;;
  
         stop)
                 ;;
  
         stop)
+               # Flush firewall.
+               flush_firewall
+
                 boot_mesg "Stopping tor..."
                 killproc /usr/bin/tor
                 ;;
  
         reload)
                 boot_mesg "Stopping tor..."
                 killproc /usr/bin/tor
                 ;;
  
         reload)
+               # Setup firewall.
+               setup_firewall
+
                 boot_mesg "Reloading tor..."
                 reloadproc /usr/bin/tor
                 ;;
                 boot_mesg "Reloading tor..."
                 reloadproc /usr/bin/tor
                 ;;
author	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)
committer	Michael Tremer <michael.tremer@ipfire.org>
	Wed, 31 Jul 2013 10:52:40 +0000 (12:52 +0200)
src/initscripts/init.d/firewall		patch \| blob \| blame \| history
src/initscripts/init.d/tor		patch \| blob \| blame \| history