In order to make deanonymisation harder, especially high-risk Tor users
might want to use certain Guard relays only (for example operated by
people they trust), enforce Tor to use Guard relays in certain countries
only (for example countries with very strict data protection laws or
poor diplomatic relations), or avoid Guard relays in certain countries
entirely.
Since Tor sticks to sampled Guards for a long time (usually within the
range of months), restricting those is believed to cause less harm to a
users' anonymity than restricting Exit relays, since their diversity of
a generic Tor user is significantly higher.
This patch extends the Tor CGI for restricting Guard nodes to certain
countries or relays matching certain fingerprints.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This extends the functionality of the Tor CGI in order to be able to
select multiple countries for possible Exit relays, which is - in terms
of anonymity - less worse than limiting all Tor circuits to a single
country.
For example, a user might want to avoid Exit relays in more than one
country, and permit Tor to use Exit relays elesewhere, and vice versa.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Fixes: #12529
- If a client N2N configuration will be imported into IPFire systems,
a line will be added which calls the --up script to restart the
static route initscript. Since this is IPFire specific, i will only be
added via import on IPFire system.
- Deleted unneeded line in CLIENTCONF section.
- Added description to SERVERCONF section.
Signed-off-by: ummeegge <erik.kapfer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
When safe search is enabled, it is being enabled on YouTube, too.
This creates problems in some scenarios like schools where politics
is being tought as well as other subjects that might be censored by
YouTube (i.e. election TV spots).
Therefore it is now possible to exclude YouTube from Safe Search
but keep it enabled for the search engines.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Tor provides a function to resolve a relay's IP address into a country
code by taking advantage of a (heavily outdated) GeoIP database shipped
with it.
We should consequently use libloc for doing this, since it can be
confusing if those results differ from active connections in the
connection tracking CGI (where we _use_ libloc) and such tasks are why
we invented libloc in the first place. :-)
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
WPA3 mandates MFP, but many clients do not support it at all.
Therefore this can now be set to optional and clients will
fall back to WPA2.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
The action was performed after the table has already been
rendered which required reloading the page to show a new
share.
This has now been moved to the top so that new changes
will be shown immediately.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is very invalid HTML, very often inserted into spaces where
it should not be, and the page does not even need to be reloaded
after any action has been performed.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Samba will chose this automatically and the documentation advises
against changing the default.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is not a good default to withdraw samba from the race of becoming
the local master browser. There is no reason why it couldn't be.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
It is virtually impossible to limit samba to these interfaces only.
Therefore we add a static list of all interfaces of the local network.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
