From 96d6dd5674c5f4b7485dc97809132d466b893e78 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 10 Aug 2024 09:48:47 -0300
Subject: Fix: trashman: tor-transproxy: updates
---
 .../debian/files/etc/network/if-pre-up.d/iptables | 14 ++++++------
 .../tor-transproxy/unix/linux/debian/install | 26 +++++++++++++++-------
 2 files changed, 25 insertions(+), 15 deletions(-)
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
index 2cc227b..e61d8f0 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
+++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit
 $IPTABLES -t nat -F || exit
 # Transproxy rules for Tor
-$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
+$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
 $IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit
 # Allow Tor, _apt, root and the network user
-$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
-$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
-$IPTABLES -A OUTPUT -j DROP || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
+$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
+$IPTABLES -A OUTPUT -j DROP || exit
 # Allow SSH
 $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install
index 9508091..72cfff3 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/install
+++ b/share/trashman/tor-transproxy/unix/linux/debian/install
@@ -6,6 +6,9 @@
 # Parameters
 SHARE="$1"
+# Additional parameters
+ARCH="`uname -m`"
+
 # Include basic functions
 . $SHARE/trashman/functions || exit 1
 . $SHARE/trashman/debian || exit 1
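Review bot: The LOG rule on the new side of the first hunk is appended to INPUT (`$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid`) even though it sits directly before `-A OUTPUT -j DROP` and carries an "OUTPUT DROPPED" prefix. As written, packets that reach the final OUTPUT drop are never logged, while inbound packets that reach this rule are logged under a misleading prefix, and `--log-uid` has no local owner to record for them. If the intent is to record which local UID tried to send traffic outside the transproxy, the line should read `$IPTABLES -A OUTPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit`. The script continues outside the hunk and no IPv6 counterpart is visible here, so whether ip6tables receives an equivalent policy should be confirmed.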
@@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null
 # Ensure only the local DNS resolver is used (Tor)
 # Some systems need this additional configuration so the DNS returned by the
 # DHCP server is NOT used
-#cat < /dev/null
-#allow-hotplug ens3
-#iface ens3 inet dhcp
-# post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
-#EOF
+cat < /dev/null
+allow-hotplug ens3
+iface ens3 inet dhcp
+ post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
+EOF
 # Tor config
 cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc
@@ -38,11 +41,18 @@ service tor restart
 # Tor Browser config to use the system-installed tor daemon
 # Use this to configure your regular user account
 # See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
-#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+#
+# Tor Browser path depends on wheter it's installed using hoarder or using
+# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher
+# (also at https://tracker.debian.org/torbrowser-launcher).
+#
+#TB="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser"
+#TB="$HOME/.local/share/tor-browser/$ARCH/latest/Browser"
+#if [ -e "$TB" ]; then
 # # Force about:config preferences
-# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TB/TorBrowser/Data/Browser/profile.default/user.js
 #
 # # Hard code control port password into the start-tor-browser script
 # sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
-# $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+# $TB/start-tor-browser
 #fi
--
cgit v1.2.3
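Review bot: The stanza enabled in the `@@ -25,11 +28,11 @@` hunk hard-codes the interface name `ens3`, so on a host whose NIC has another name the `post-up` line never runs and the DHCP-supplied resolver can replace 127.0.0.1 in /etc/resolv.conf. The comment above it says only some systems need this, yet it now runs on every install. Taking the name from a variable, e.g. `IFACE="${IFACE:-ens3}"` with `allow-hotplug $IFACE` and `iface $IFACE inet dhcp`, would keep the current default while letting other hosts override it. The heredoc's redirect target is not legible on this page, so whether a second run of the installer duplicates the stanza should be checked against the actual file.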