From patchwork Wed Nov 4 21:28:22 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3639 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CRKX36p8Dz3wl7 for ; Wed, 4 Nov 2020 21:28:35 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CRKX23JhZzw7; Wed, 4 Nov 2020 21:28:34 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CRKWz3gvQz2yMv; Wed, 4 Nov 2020 21:28:31 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CRKWy4Yrcz2xd0 for ; Wed, 4 Nov 2020 21:28:30 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CRKWx1GSXzsJ for ; Wed, 4 Nov 2020 21:28:28 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604525309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+QalpzIvQ5eprEnlcdKSENL8n9+9AwKvqStfWNSAbko=; b=WgqCr5ORXnCwuHU+wm0j5FI1AHdMclBPdiI2YiWr9FryugtXD1TN3fYA8BfH7h+tCvIodF 8+QCSIaqzIxrjhDg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604525309; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=+QalpzIvQ5eprEnlcdKSENL8n9+9AwKvqStfWNSAbko=; b=JMjZ2EOBHFY+W8P20Ac4FEAXbu5UrjaSykMKdL3fQvCcgoipz+U8WaKIDdv40p4z6gnDDS Ww470NVTz9TJrgSTYQQ2OA//6ekgMhI9d6OiDp0yP+7RzZqUb26ygoljgcUvld+BaNbhDG m2NB7tTXP+nPT4JBeMJy9HHGx7tjdxDl/468S2Eb8xpLl83xQBSqsHwVxIVf/Dx9giobuU gBJJ3nBCqqGrETO/OsHUDvQ/nlQI8sFGv6yEhtgkJU/XIdVHh2nm0rKmCUZ1KNsAJC1jyg ahXlYzMHW/gn/rjeIoOGp4MwHhxfnlZDhc4WwoZxGJHbKtDp6a3pg1bcXUR4eg== To: "IPFire: Development-List" From: =?utf-8?q?Peter_M=C3=BCller?= Subject: [PATCH 1/4] Tor: allow multiple countries to be selected for Exit relays Message-ID: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> Date: Wed, 4 Nov 2020 22:28:22 +0100 MIME-Version: 1.0 Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" This extends the functionality of the Tor CGI in order to be able to select multiple countries for possible Exit relays, which is - in terms of anonymity - less worse than limiting all Tor circuits to a single country. For example, a user might want to avoid Exit relays in more than one country, and permit Tor to use Exit relays elesewhere, and vice versa. Signed-off-by: Peter Müller --- html/cgi-bin/tor.cgi | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 7447bd791..3db4bc22c 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -2,7 +2,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2013-2019 IPFire Team # +# Copyright (C) 2007-2020 IPFire Team # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -319,9 +319,16 @@ END - END + + # Convert Exit/Guard country strings into lists to make comparison easier + my @exit_countries; + if ($settings{'TOR_EXIT_COUNTRY'} ne '') { + @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'}); + } + my @country_codes = &Location::database_countries($db_handle); foreach my $country_code (@country_codes) { # Convert country code into upper case format. @@ -332,8 +339,8 @@ END print "\n"; @@ -678,8 +685,17 @@ sub BuildConfiguration() { if ($settings{'TOR_EXIT_COUNTRY'} ne '') { $strict_nodes = 1; + my $countrylist; + + for my $singlecountry (split(/\|/, $settings{'TOR_EXIT_COUNTRY'})) { + if ($countrylist eq '') { + $countrylist = "{" . lc $singlecountry . "}"; + } else { + $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}"; + } + } - print FILE "ExitNodes {$settings{'TOR_EXIT_COUNTRY'}}\n"; + print FILE "ExitNodes $countrylist\n"; } if ($settings{'TOR_USE_EXIT_NODES'} ne '') { From patchwork Wed Nov 4 21:28:50 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3640 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384 client-signature ECDSA (P-384) client-digest SHA384) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXR0T74z3wl7 for ; Wed, 4 Nov 2020 21:28:55 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CRKXQ54C2z1Fp; Wed, 4 Nov 2020 21:28:54 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CRKXQ4bFDz2yMv; Wed, 4 Nov 2020 21:28:54 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXP1MwSz2xd0 for ; Wed, 4 Nov 2020 21:28:53 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CRKXN1k83zsJ for ; Wed, 4 Nov 2020 21:28:52 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604525332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fcXV1QkKhMEUXl61QBX4jHHx9kseD3UWPGR7JKLlV84=; b=5/S84KvPvA+Kt2g1sOVOxbGSkREiK9frZCRPG5+crX8ZeoWztl+dqJbQcr1X3FRjdSAo3O sOQ2N0E6Ikgy+QCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604525332; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=fcXV1QkKhMEUXl61QBX4jHHx9kseD3UWPGR7JKLlV84=; b=aT/wA60dgFnWi2uCU0dTrv+YE3G7sI1S3j2YUuO73XF/JnlQerh5sEp1SWjjLWjDIB6svq WRN2TRnrf5lhUHF4bMvqlSDu6TNuVzlyeKLnMHuBX2ma+/PWlQ5K5WCFWgrJZzEBX6dVO/ bvFBeyDUHy57Zpu5ByOUlMfKz4Sh2taCuE76xANg3Crvao6lk31yrCTh3Dw33s+W/8u3Ad KBtAgzFqQgqUgZDSNAjpvZ+h3WG3nXrpQ7D2cNqNdO+ouVkSM1wPQ61ZnTq76NjxCVWkMS DYkkSIYqsG/DDgKWujTuLXd/Fl3Iq6lVIweH9uZQtEZTOPrLifoYZw5DEho3Sg== Subject: [PATCH 2/4] Tor: allow enforcing distinct Guard relays or countries To: development@lists.ipfire.org References: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Wed, 4 Nov 2020 22:28:50 +0100 MIME-Version: 1.0 In-Reply-To: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" In order to make deanonymisation harder, especially high-risk Tor users might want to use certain Guard relays only (for example operated by people they trust), enforce Tor to use Guard relays in certain countries only (for example countries with very strict data protection laws or poor diplomatic relations), or avoid Guard relays in certain countries entirely. Since Tor sticks to sampled Guards for a long time (usually within the range of months), restricting those is believed to cause less harm to a users' anonymity than restricting Exit relays, since their diversity of a generic Tor user is significantly higher. This patch extends the Tor CGI for restricting Guard nodes to certain countries or relays matching certain fingerprints. Signed-off-by: Peter Müller --- html/cgi-bin/tor.cgi | 93 ++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 90 insertions(+), 3 deletions(-) diff --git a/html/cgi-bin/tor.cgi b/html/cgi-bin/tor.cgi index 3db4bc22c..74fa36247 100644 --- a/html/cgi-bin/tor.cgi +++ b/html/cgi-bin/tor.cgi @@ -99,6 +99,8 @@ $settings{'TOR_ENABLED'} = 'off'; $settings{'TOR_SOCKS_PORT'} = 9050; $settings{'TOR_EXIT_COUNTRY'} = ''; $settings{'TOR_USE_EXIT_NODES'} = ''; +$settings{'TOR_GUARD_COUNTRY'} = ''; +$settings{'TOR_USE_GUARD_NODES'} = ''; $settings{'TOR_ALLOWED_SUBNETS'} = "$netsettings{'GREEN_NETADDRESS'}\/$netsettings{'GREEN_NETMASK'}"; if (&Header::blue_used()) { $settings{'TOR_ALLOWED_SUBNETS'} .= ",$netsettings{'BLUE_NETADDRESS'}\/$netsettings{'BLUE_NETMASK'}"; @@ -181,6 +183,15 @@ if ($settings{'ACTION'} eq $Lang::tr{'save'}) { } } + @temp = split(/[\n,]/,$settings{'TOR_USE_GUARD_NODES'}); + $settings{'TOR_USE_GUARD_NODES'} = ""; + foreach (@temp) { + s/^\s+//g; s/\s+$//g; + if ($_) { + $settings{'TOR_USE_GUARD_NODES'} .= $_.","; + } + } + # Burst bandwidth must be less or equal to bandwidth rate. if ($settings{'TOR_RELAY_BANDWIDTH_RATE'} == 0) { $settings{'TOR_RELAY_BANDWIDTH_BURST'} = 0; @@ -284,6 +295,9 @@ END @temp = split(",", $settings{'TOR_USE_EXIT_NODES'}); $settings{'TOR_USE_EXIT_NODES'} = join("\n", @temp); + @temp = split(",", $settings{'TOR_USE_GUARD_NODES'}); + $settings{'TOR_USE_GUARD_NODES'} = join("\n", @temp); + print <
@@ -306,8 +320,57 @@ END -
-
+
+
+ + + + + + + + + + + + + +
$Lang::tr{'tor guard nodes'}
$Lang::tr{'tor use guard nodes'}:
+ + +
+ +
+
@@ -323,7 +386,7 @@ END END - # Convert Exit/Guard country strings into lists to make comparison easier + # Convert Exit country strings into lists to make comparison easier my @exit_countries; if ($settings{'TOR_EXIT_COUNTRY'} ne '') { @exit_countries = split(/\|/, $settings{'TOR_EXIT_COUNTRY'}); @@ -683,6 +746,30 @@ sub BuildConfiguration() { } print FILE "SocksPolicy reject *\n" if (@subnets); + if ($settings{'TOR_GUARD_COUNTRY'} ne '') { + $strict_nodes = 1; + my $countrylist; + + for my $singlecountry (split(/\|/, $settings{'TOR_GUARD_COUNTRY'})) { + if ($countrylist eq '') { + $countrylist = "{" . lc $singlecountry . "}"; + } else { + $countrylist = $countrylist . "," . "{" . lc $singlecountry . "}"; + } + } + + print FILE "EntryNodes $countrylist\n"; + } + + if ($settings{'TOR_USE_GUARD_NODES'} ne '') { + $strict_nodes = 1; + + my @nodes = split(",", $settings{'TOR_USE_GUARD_NODES'}); + foreach (@nodes) { + print FILE "EntryNode $_\n"; + } + } + if ($settings{'TOR_EXIT_COUNTRY'} ne '') { $strict_nodes = 1; my $countrylist; From patchwork Wed Nov 4 21:29:14 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3641 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXw0Wckz3wl7 for ; Wed, 4 Nov 2020 21:29:20 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CRKXv5tjHzw7; Wed, 4 Nov 2020 21:29:19 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CRKXv5QFTz2xq9; Wed, 4 Nov 2020 21:29:19 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CRKXv05Q9z2xd0 for ; Wed, 4 Nov 2020 21:29:19 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CRKXs5BsKzkm for ; Wed, 4 Nov 2020 21:29:17 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604525358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xytQUb9KhY/SOOFNVwEwzCg+OPM/MjiHh2YeTgMNHlM=; b=NCH4r55LmP4opSL/2rdApvXf28o2kj4pJr551cRtUHR7Xe9sc2NMJ+4br6JWdl+zAyyYz9 9tvxvv1aW7aM2eCQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604525358; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=xytQUb9KhY/SOOFNVwEwzCg+OPM/MjiHh2YeTgMNHlM=; b=WwyJKSUpaxfWtCPOnxwDuHEI1fw0LXUVuqsS8nP5pH3ODP0lWKRm9QRbKWXWhzIVIMtzqh xM52pzUlcz7z44zapyrKPWcTvteWGc22tEYpl7x94NOe0G5GdneyE9dSQ4PC4WdFkYEmhY 4+X5kMxsKYb7Bi2iTLMCslDqx9jXIKAXuAh9yRGouIHKGvXtLhWgfOo1OQ1ilr8QVey68e fhO9B1+fcQozODL2ZD8et6FpeCFel/M8gZ8qgGMWkXhk9auAl1QOiSizY53kD2F2HhX8Op 6lWdLDkXKYhcpKvkcipzU36VvRWFiKZHBZ/xVFygpiAxovhV6EuVf7vZVz0X0A== Subject: [PATCH 3/4] update translation files for changed Tor CGI strings To: development@lists.ipfire.org References: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Wed, 4 Nov 2020 22:29:14 +0100 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- langs/de/cgi-bin/de.pl | 6 +++++- langs/en/cgi-bin/en.pl | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/langs/de/cgi-bin/de.pl b/langs/de/cgi-bin/de.pl index 6ad0e02c5..6988aa0ba 100644 --- a/langs/de/cgi-bin/de.pl +++ b/langs/de/cgi-bin/de.pl @@ -2406,6 +2406,9 @@ 'tor exit country' => 'Exit-Land', 'tor exit country any' => 'Beliebig', 'tor exit nodes' => 'Exitknoten', +'tor guard country' => 'Guard-Land', +'tor guard country any' => 'Beliebig', +'tor guard nodes' => 'Guardknoten', 'tor relay address' => 'Relais-Adresse', 'tor relay configuration' => 'Tor-Relais-Konfiguration', 'tor relay enabled' => 'Tor-Relais einschalten', @@ -2424,7 +2427,8 @@ 'tor traffic limit hard' => 'Das Übertragungslimit wurde erreicht.', 'tor traffic limit soft' => 'Das Übertragungslimit wurde fast erreicht. Es werden keine neuen Verbindungen akzeptiert.', 'tor traffic read written' => 'Gesamter Traffic (empfangen/gesendet)', -'tor use exit nodes' => 'Nur diese Exitknoten benutzen (einer pro Zeile)', +'tor use exit nodes' => 'Nur diese Exitknoten benutzen (ein Fingerabdruck pro Zeile)', +'tor use guard nodes' => 'Nur diese Guardknoten benutzen (ein Fingerabdruck pro Zeile)', 'total connection time' => 'Gesammte Verbindungszeit', 'total hits for log section' => 'Gesamte Treffer für Protokollsektion', 'traffic back' => 'Zurück', diff --git a/langs/en/cgi-bin/en.pl b/langs/en/cgi-bin/en.pl index d00de3d03..275f78207 100644 --- a/langs/en/cgi-bin/en.pl +++ b/langs/en/cgi-bin/en.pl @@ -2446,6 +2446,9 @@ 'tor exit country' => 'Exit country', 'tor exit country any' => 'Any country', 'tor exit nodes' => 'Exit Nodes', +'tor guard country' => 'Guard country', +'tor guard country any' => 'Any country', +'tor guard nodes' => 'Guard Nodes', 'tor relay address' => 'Relay address', 'tor relay configuration' => 'Tor Relay Configuration', 'tor relay enabled' => 'Enable Tor Relay', @@ -2464,7 +2467,8 @@ 'tor traffic limit hard' => 'Traffic limit has been reached.', 'tor traffic limit soft' => 'Traffic limit almost reached. Not accepting any new connections.', 'tor traffic read written' => 'Total traffic (read/written)', -'tor use exit nodes' => 'Use only these exit nodes (one per line)', +'tor use exit nodes' => 'Use only these exit nodes (one fingerprint per line)', +'tor use guard nodes' => 'Use only these guard nodes (one fingerprint per line)', 'total connection time' => 'Total Connection Time', 'total hits for log section' => 'Total hits for log section', 'traffic back' => 'Back', From patchwork Wed Nov 4 21:29:33 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Peter_M=C3=BCller?= X-Patchwork-Id: 3642 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4CRKYG4kgMz3wl7 for ; Wed, 4 Nov 2020 21:29:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4CRKYG2GCJz1GD; Wed, 4 Nov 2020 21:29:38 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4CRKYF6gcrz2xnv; Wed, 4 Nov 2020 21:29:37 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4CRKYD4rRYz2xZ8 for ; Wed, 4 Nov 2020 21:29:36 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384)) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4CRKYC4cwkzkm for ; Wed, 4 Nov 2020 21:29:35 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1604525376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RhEwzFY6/eKbLnp/2hC+I+7DLYBeOdld3u6jYcJjXdE=; b=kIB4QDYu8jGFU2f5nnGzveLXF1JNBQwMuRkt1/Osb/wHv0lfa5FyaXN+gZNd0vqKl4qFrX 2RTW092961B/vlAA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1604525376; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=RhEwzFY6/eKbLnp/2hC+I+7DLYBeOdld3u6jYcJjXdE=; b=LccF4z8yVY42qY4g+N+IhxP6/CEGZJ3BNFRJf6aKRay2raEZKOF+C+Sqm6LQPV7eE6Mriy HqTWOje+N8vUjaeH1muI9r8GhQ7WSpLFMjoWpGo4Jpi1vyI/LG/XyWf2GahCo7Mkm27yNV Sv/A1RbqBWqT02h+U7T97xKsPpBJpLiMz7MXywcmJf4vo0vV8m4fzpLCt6+XJ45pUr8cMv 4gZ9xS9McSt1CnJ+CwhRNR2jm9QSg3F6n1+oNa/56CXMSyvLjX8tnjihriymlUd7pmgW7H HBt1L8+RFRKUlgKNHaLMTGm/tYUyWdC1fgPVcmT+RQvnaQvyJEtcjYpmB+c50A== Subject: [PATCH 4/4] Tor: bump package version number To: development@lists.ipfire.org References: <88bdbdd4-1418-1be0-6240-3123ca64c00c@ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= Message-ID: Date: Wed, 4 Nov 2020 22:29:33 +0100 MIME-Version: 1.0 In-Reply-To: Content-Language: en-US X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" Signed-off-by: Peter Müller --- lfs/tor | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lfs/tor b/lfs/tor index 956458407..5610c17d1 100644 --- a/lfs/tor +++ b/lfs/tor @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = tor -PAK_VER = 53 +PAK_VER = 54 DEPS = libseccomp