Firewall initscript: Restore Tor IPTable rules by manual firewall restart

If the firewall will be manually restart via '/etc/init.d/firewall restart', the IPTable rules for the Tor relay will be deleted since 'iptables_init' only flushes and creates inbound and unbound chains for Tor but does not restore the ruleset from Tor initscript. For reference and tests please see --> https://community.ipfire.org/t/tor-stop-working-without-stop-the-process-or-give-an-error-message/10697 Signed-off-by: Erik Kapfer <erik.kapfer@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
2026-04-14 21:12:59 +02:00 · 2024-01-16 16:26:39 +01:00
parent b87cd867f7
commit e5a77641f3
1 changed files with 8 additions and 0 deletions
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -25,6 +25,9 @@
 eval $(/usr/local/bin/readhash /var/ipfire/ppp/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/ethernet/settings)
 eval $(/usr/local/bin/readhash /var/ipfire/optionsfw/settings)
+if [ -r "/var/ipfire/tor/settings"  ]; then
+	eval $(/usr/local/bin/readhash /var/ipfire/tor/settings)
+fi
 IFACE=`/bin/cat /var/ipfire/red/iface 2> /dev/null | /usr/bin/tr -d '\012'`
 if [ -z $IFACE ]; then
 	IFACE="red0"
@@ -387,6 +390,11 @@ iptables_init() {
 	# run captivectrl
 	/usr/local/bin/captivectrl

+	# If a Tor relay is enabled apply firewall rules
+	if [ "${TOR_RELAY_ENABLED}" = "on" -a -n "${TOR_RELAY_PORT}" ]; then
+		/usr/local/bin/torctrl restart 1> /dev/null
+	fi
+
 	# POLICY CHAIN
 	iptables -N POLICYIN
 	iptables -A INPUT -j POLICYIN