From patchwork Thu Nov 10 19:31:33 2022
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?=
 <peter.mueller@ipfire.org>
X-Patchwork-Id: 6127
Return-Path: <development-bounces@lists.ipfire.org>
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
	by web04.haj.ipfire.org (Postfix) with ESMTPS id 4N7X5Z0JD7z3wgZ
	for <patchwork@web04.haj.ipfire.org>; Thu, 10 Nov 2022 19:31:46 +0000 (UTC)
Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384
	 client-signature ECDSA (P-384) client-digest SHA384)
	(Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK))
	by mail01.ipfire.org (Postfix) with ESMTPS id 4N7X5X5zYgzYm;
	Thu, 10 Nov 2022 19:31:44 +0000 (UTC)
Received: from mail02.haj.ipfire.org (localhost [127.0.0.1])
	by mail02.haj.ipfire.org (Postfix) with ESMTP id 4N7X5X4VXVz2xxk;
	Thu, 10 Nov 2022 19:31:44 +0000 (UTC)
Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384)
 client-signature ECDSA (P-384))
 (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK))
 by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4N7X5W6137z2xLW
 for <development@lists.ipfire.org>; Thu, 10 Nov 2022 19:31:43 +0000 (UTC)
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384)
 (No client certificate requested)
 by mail01.ipfire.org (Postfix) with ESMTPSA id 4N7X5T3Lttz7C
 for <development@lists.ipfire.org>; Thu, 10 Nov 2022 19:31:40 +0000 (UTC)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003ed25519; t=1668108703;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=xw8OeeqXCCkg4BeWtHb3zNOPHag4+/hBoDbI8o0vQRY=;
 b=WN9Se8VbJjd2BBWJRvHeSXMKU157RWboBxIEhu3NXd8bVaMSvmEfM4H2KZukBpEFZ8zLIf
 ygVksNqxN8DLtVDw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org;
 s=202003rsa;
 t=1668108703;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:mime-version:mime-version:content-type:content-type:
 content-transfer-encoding:content-transfer-encoding;
 bh=xw8OeeqXCCkg4BeWtHb3zNOPHag4+/hBoDbI8o0vQRY=;
 b=MLLTczypFMw8MNSA+bxyi/kaW9WmkswXohCivsIjN1/8/yPAXtLRIq3OGBR8jGE7iwTKBQ
 ibf7e+xBbj/uClkO9tizx1Qpc8R9N2Z4a7UMCMRVb5mr8j+3PsnXFGZoQrEuchYVU4mA4L
 bR75jB5P/OaiG5snATD8tQUmUs54F9J6Phxkz2/8YxwlRRYDre/mzfup+6YUGs3wjJPKFb
 aDTJF0jsnwuzMQSnoNj5eDAPtwbJ6PqaLiQJT3gFnRcRKxmWaf6Jd+ThvGofDAexEUUCZX
 /HJZSrmTpN0n+z4lH8xL/JqmJNzLfgnROgzkEs6x0sKzJC4dXPpPujgmjWKt+g==
Message-ID: <7ebcbd8d-254b-f71f-54d5-8b4b40f50f0d@ipfire.org>
Date: Thu, 10 Nov 2022 19:31:33 +0000
MIME-Version: 1.0
Content-Language: en-US
To: "IPFire: Development" <development@lists.ipfire.org>
From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org>
Subject: [PATCH] Tor: Disable SOCKS port if unused
X-BeenThere: development@lists.ipfire.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IPFire development talk <development.lists.ipfire.org>
List-Unsubscribe: <https://lists.ipfire.org/mailman/options/development>,
 <mailto:development-request@lists.ipfire.org?subject=unsubscribe>
List-Archive: <http://lists.ipfire.org/pipermail/development/>
List-Post: <mailto:development@lists.ipfire.org>
List-Help: <mailto:development-request@lists.ipfire.org?subject=help>
List-Subscribe: <https://lists.ipfire.org/mailman/listinfo/development>,
 <mailto:development-request@lists.ipfire.org?subject=subscribe>
Errors-To: development-bounces@lists.ipfire.org
Sender: "Development" <development-bounces@lists.ipfire.org>

Fixes: #11780
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 html/cgi-bin/tor.cgi | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi
index 539a74343..96be35102 100644
--- a/html/cgi-bin/tor.cgi
+++ b/html/cgi-bin/tor.cgi
@@ -2,7 +2,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -796,7 +796,9 @@ sub BuildConfiguration() {
 		if ($strict_nodes > 0) {
 			print FILE "StrictNodes 1\n";
 		}
-	}
+	 } else {
+		print FILE "SocksPort 0\n";
+	 }
 
 	if ($settings{'TOR_RELAY_ENABLED'} eq 'on') {
 		# Reject access to private networks.