Restrict Tor outbound ports w/ `WHOOGLE_TOR_FF`

Setting `WHOOGLE_TOR_FF` will attempt to modify the existing torrc file with the "FascistFirewall 1" config, which restricts outbound ports to reachable values. Fixes #907
1 year ago · 4f85076a2b
parent 76c78d8584
commit 4f85076a2b
1 changed files with 17 additions and 0 deletions
--- a/misc/tor/start-tor.sh
+++ b/misc/tor/start-tor.sh
@ -1,10 +1,27 @@
 #!/bin/sh

+FF_STRING="FascistFirewall 1"
+
 if [ "$WHOOGLE_TOR_SERVICE" == "0" ]; then
    echo "Skipping Tor startup..."
    exit 0
 fi

+if [ "$WHOOGLE_TOR_FF" == "1" ]; then
+    if (grep -q "$FF_STRING" /etc/tor/torrc); then
+        echo "FascistFirewall feature already enabled."
+    else
+        echo "$FF_STRING" >> /etc/tor/torrc
+
+        if [ "$?" -eq 0 ]; then
+            echo "FascistFirewall added to /etc/tor/torrc"
+        else
+            echo "ERROR: Unable to modify /etc/tor/torrc with $FF_STRING."
+            exit 1
+        fi
+    fi
+fi
+
 if [ "$(whoami)" != "root" ]; then
    tor -f /etc/tor/torrc
 else