| author | Silvio Rhatto <rhatto@riseup.net> | 2024-08-10 09:48:47 -0300 | 
|---|---|---|
| committer | Silvio Rhatto <rhatto@riseup.net> | 2024-08-10 09:48:47 -0300 | 
| commit | 96d6dd5674c5f4b7485dc97809132d466b893e78 (patch) | |
| tree | f3889efb615eff25eb6a46022043ac56acee372e | |
| parent | be6b0a727a9aeeed174d27b4759bb902686bf14a (diff) | |
Fix: trashman: tor-transproxy: updates
| -rwxr-xr-x | share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables | 14 | ||||
| -rwxr-xr-x | share/trashman/tor-transproxy/unix/linux/debian/install | 26 | 
2 files changed, 25 insertions, 15 deletions
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
index 2cc227b..e61d8f0 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
+++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit
 $IPTABLES -t nat -F || exit
 # Transproxy rules for Tor
-$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040    || exit
+$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp    -j REDIRECT --to-ports 9040 || exit
 $IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit
 # Allow Tor, _apt, root and the network user
-$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT         || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT             || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT             || exit
-$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
-$IPTABLES -A OUTPUT -j DROP                                         || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT          || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT  || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT              || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT              || exit
+$IPTABLES -A INPUT  -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
+$IPTABLES -A OUTPUT -j DROP                                          || exit
 # Allow SSH
 $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit
diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install
index 9508091..72cfff3 100755
--- a/share/trashman/tor-transproxy/unix/linux/debian/install
+++ b/share/trashman/tor-transproxy/unix/linux/debian/install
@@ -6,6 +6,9 @@
 # Parameters
 SHARE="$1"
+# Additional parameters
+ARCH="`uname -m`"
+
 # Include basic functions
 . $SHARE/trashman/functions || exit 1
 . $SHARE/trashman/debian    || exit 1
@@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null
 # Ensure only the local DNS resolver is used (Tor)
 # Some systems need this additional configuration so the DNS returned by the
 # DHCP server is NOT used
-#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
-#allow-hotplug ens3
-#iface ens3 inet dhcp
-#  post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
-#EOF
+cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
+allow-hotplug ens3
+iface ens3 inet dhcp
+  post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
+EOF
 # Tor config
 cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc
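Review bot: The heredoc enabled in the second hunk hard-codes the interface name `ens3`, so on a host whose interface is named differently the `post-up` line that pins `/etc/resolv.conf` to 127.0.0.1 never runs and the DHCP-supplied resolver that the comment above warns about can stay in place. Take the name from a parameter, or at least guard the block with `if [ -e /sys/class/net/ens3 ]; then … fi`. The pipeline also uses `sudo tee` while the `resolv.conf` write shown in the hunk header uses plain `tee` (so the script presumably already runs as root), and it has no `|| exit`, unlike the `. $SHARE/...` lines. `cat <<'EOF' | tee /etc/network/interfaces.d/ens3 > /dev/null || exit 1` would make a failed write visible and keep the heredoc body literal. The target file is overwritten unconditionally; whether an `ens3` stanza already exists in `/etc/network/interfaces` is not visible from this hunk and should be confirmed, and the script continues outside it.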
@@ -38,11 +41,18 @@ service tor restart
 # Tor Browser config to use the system-installed tor daemon
 # Use this to configure your regular user account
 # See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
-#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+#
+# Tor Browser path depends on wheter it's installed using hoarder or using
+# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher
+# (also at https://tracker.debian.org/torbrowser-launcher).
+#
+#TB="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser"
+#TB="$HOME/.local/share/tor-browser/$ARCH/latest/Browser"
+#if [ -e "$TB" ]; then
 #  # Force about:config preferences
-#  cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+#  cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TB/TorBrowser/Data/Browser/profile.default/user.js
 #
 #  # Hard code control port password into the start-tor-browser script
 #  sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
-#    $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+#    $TB/start-tor-browser
 #fi
|
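Review bot: The two consecutive `#TB=` lines added here do not say which installer each path belongs to, so anyone uncommenting the block as written gets the second assignment silently overriding the first. Put a one-line comment above each naming its installer and telling the reader to enable only one. The new comment also has a typo, `wheter` should read `whether`. `$TB` is expanded unquoted in the rewritten `cp` and `sed` targets, so a `$HOME` containing whitespace would split the path; `"$TB/TorBrowser/Data/Browser/profile.default/user.js"` and `"$TB/start-tor-browser"` avoid that. `ARCH`, introduced in the first hunk of this file, is referenced only by these commented-out lines.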
