[v2] Firewall initscript: Restore Tor IPTable rules by manual firewall restart
Commit Message
If the firewall will be manually restart via '/etc/init.d/firewall restart',
the IPTable rules for the Tor relay will be deleted since 'iptables_init' only
flushes and creates inbound and unbound chains for Tor but does not restore the
ruleset from Tor initscript.
For reference and tests please see -->
https://community.ipfire.org/t/tor-stop-working-without-stop-the-process-or-give-an-error-message/10697
Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org>
---
src/initscripts/system/firewall | 8 ++++++++
1 file changed, 8 insertions(+)
@@ -25,6 +25,9 @@
eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+if [ -r "/var/ipfire/tor/settings" ]; then
+ eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
+fi
IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
if [ -z $IFACE ]; then
IFACE="red0"
@@ -387,6 +390,11 @@ iptables_init() {
# run captivectrl
/usr/local/bin/captivectrl
+ # If a Tor relay is enabled apply firewall rules
+ if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+ /usr/local/bin/torctrl restart 1> /dev/null
+ fi
+
# POLICY CHAIN
iptables -N POLICYIN
iptables -A INPUT -j POLICYIN