authorSilvio Rhatto <rhatto@riseup.net>2024-08-10 09:48:47 -0300
committerSilvio Rhatto <rhatto@riseup.net>2024-08-10 09:48:47 -0300
commit96d6dd5674c5f4b7485dc97809132d466b893e78 (patch)
treef3889efb615eff25eb6a46022043ac56acee372e
parentbe6b0a727a9aeeed174d27b4759bb902686bf14a (diff)
downloadtrashman-96d6dd5674c5f4b7485dc97809132d466b893e78.tar.gz
trashman-96d6dd5674c5f4b7485dc97809132d466b893e78.tar.bz2
Fix: trashman: tor-transproxy: updates
-rwxr-xr-xshare/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables14
-rwxr-xr-xshare/trashman/tor-transproxy/unix/linux/debian/install26
2 files changed, 25 insertions, 15 deletions
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
index 2cc227b..e61d8f0 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
+++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit
$IPTABLES -t nat -F || exit
# Transproxy rules for Tor
-$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
+$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
$IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit
# Allow Tor, _apt, root and the network user
-$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
-$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
-$IPTABLES -A OUTPUT -j DROP || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
+$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
+$IPTABLES -A OUTPUT -j DROP || exit
# Allow SSH
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit
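Review bot: The LOG rule directly before the final `-A OUTPUT -j DROP` is appended to the INPUT chain, although its prefix reads "OUTPUT DROPPED: " and `--log-uid` only has an owner to report for locally generated packets. As written, outbound packets that fall through to the DROP (the non-Tor traffic this policy is meant to stop) leave no log entry, while inbound packets reaching that rule are logged under a misleading prefix. If the intent is to record blocked leaks, the line should be `$IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit`. Only IPv4 rules are visible here and the script continues outside the hunk, so it is worth confirming that the rest of the file also restricts IPv6 output.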
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install
index 9508091..72cfff3 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/install
+++ b/share/trashman/tor-transproxy/unix/linux/debian/install
@@ -6,6 +6,9 @@
# Parameters
SHARE="$1"
+# Additional parameters
+ARCH="`uname -m`"
+
# Include basic functions
. $SHARE/trashman/functions || exit 1
. $SHARE/trashman/debian || exit 1
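Review bot: The new `ARCH` assignment uses backticks and is referenced only from lines that are still commented out in the last hunk of this file, so it is dead at runtime and a linter will report it as unused. Prefer `ARCH="$(uname -m)"`, and either move it next to the Tor Browser block or add a comment such as `# Used by the optional Tor Browser section below`.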
@@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null
# Ensure only the local DNS resolver is used (Tor)
# Some systems need this additional configuration so the DNS returned by the
# DHCP server is NOT used
-#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
-#allow-hotplug ens3
-#iface ens3 inet dhcp
-# post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
-#EOF
+cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
+allow-hotplug ens3
+iface ens3 inet dhcp
+ post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
+EOF
# Tor config
cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc
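Review bot: The heredoc that writes `/etc/network/interfaces.d/ens3` is now executed unconditionally, although the comment above it says only "some systems" need it and the interface name `ens3` is hard-coded. On a host whose primary interface has another name, the `post-up` line that pins `nameserver 127.0.0.1` never runs and a stray stanza is left behind. Guard the block, e.g. `if [ -e /sys/class/net/ens3 ]; then ... fi`, or take the interface name from a parameter. The block also pipes through `sudo tee`, while the `resolv.conf` write named in the hunk header uses plain `tee`; if the installer already runs as root, drop `sudo` so it does not fail on systems without it.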
@@ -38,11 +41,18 @@ service tor restart
# Tor Browser config to use the system-installed tor daemon
# Use this to configure your regular user account
# See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
-#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+#
+# Tor Browser path depends on wheter it's installed using hoarder or using
+# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher
+# (also at https://tracker.debian.org/torbrowser-launcher).
+#
+#TB="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser"
+#TB="$HOME/.local/share/tor-browser/$ARCH/latest/Browser"
+#if [ -e "$TB" ]; then
# # Force about:config preferences
-# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TB/TorBrowser/Data/Browser/profile.default/user.js
#
# # Hard code control port password into the start-tor-browser script
# sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
-# $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+# $TB/start-tor-browser
#fi
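Review bot: The two `#TB=` lines are offered as alternatives, but nothing says which path belongs to which installer, and if both are uncommented the second silently overrides the first. Label each line with its installer, or pick the first path that exists, e.g. `for TB in "$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser" "$HOME/.local/share/tor-browser/$ARCH/latest/Browser"; do [ -e "$TB" ] && break; done`. The rewritten `cp` and `sed` targets expand `$TB` unquoted; use `"$TB/TorBrowser/Data/Browser/profile.default/user.js"` and `"$TB/start-tor-browser"` so a home directory containing spaces does not split the argument. Separately, the unchanged `sed` pattern appears to lack the closing `}` that its replacement adds, which would leave a doubled brace; that is worth checking before the block is enabled.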