mirror of
https://github.com/opnsense/plugins.git
synced 2026-05-28 04:34:15 -04:00
os-tor Extra settings for source IP and IPv6 (#536)
* Quick fixes to allow IPv6 and Outboundbinding
  - allow specification of secondary ORPort (intended for IPv6)
  - allow specification of 2 source addresses via source IP fields, especially useful for exits.
  - default directory port to 9030 and set to mandatory (needed for relay)
  All of the IPv6 fields use the same input verification as the HOST field, should perhaps be changed?
* ...
* forgot torrc....
* Include manual config in torrc file: include optional /usr/local/etc/torrc.exitpolicy after exit policies set via interface, before default reject, to allow easy config of custom exit policy.
* Cleanup for merge
* Scheduler KIST is Linux 2.6.39+ only, should not be enabled on BSD https://www.torproject.org/docs/tor-manual.html.en
* Cleaning up torrc whitespaces, fixed regex
* fixing up things
* Do actual IPv4 validation (reject any invalid IPv4)
* Provide dropdown menu on general settings tab to allow choice in scheduler order and schedulers with following options:
  - KISTLite,Vanilla (default)
  - Vanilla,KISTLite
  - KISTLite
  - Vanilla
* fixed missing options
* whitespace
* removed comma from default option for scheduler
* Delete opnsense.tgz
parent
b17d57ef3d
commit
6488afa2dc
5 changed files with 75 additions and 3 deletions
|
|
@ -52,6 +52,13 @@
|
|||
<style>dropdownstyle</style>
|
||||
<help>This is the detail level of the log. A higher level means more data is logged.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.scheduler</id>
|
||||
<label>Scheduler</label>
|
||||
<type>dropdown</type>
|
||||
<style>dropdownstyle</style>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
<id>general.fascist_firewall</id>
|
||||
<label>Fascist Mode</label>
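Review bot: The new `general.scheduler` field has no `<help>` element, so the dropdown gives the operator no hint about what the choice affects or why plain KIST is missing from the list. The commit description already has the reasoning (KIST is Linux-only), so it could be surfaced in the form, e.g. `<help>Order in which Tor tries its schedulers. KIST is not offered because it is Linux-only.</help>`. The enclosing form continues outside this hunk.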
|
||||
|
|
|
|||
|
|
@ -11,6 +11,12 @@
|
|||
<type>text</type>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
<id>relay.hostv6</id>
|
||||
<label>IPv6 Host</label>
|
||||
<type>text</type>
|
||||
<advanced>true</advanced>
|
||||
</field>
|
||||
<field>
|
||||
<id>relay.port</id>
|
||||
<label>Port</label>
|
||||
|
|
@ -22,6 +28,20 @@
|
|||
<type>text</type>
|
||||
<help>The external FQDN of this host.</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>relay.outboundbind</id>
|
||||
<label>Source IP</label>
|
||||
<type>text</type>
|
||||
<advanced>true</advanced>
|
||||
<help>Originate all traffic from this IP</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>relay.outboundbindv6</id>
|
||||
<label>IPv6 Source</label>
|
||||
<type>text</type>
|
||||
<advanced>true</advanced>
|
||||
<help>Originate all IPv6 traffic from this IP</help>
|
||||
</field>
|
||||
<field>
|
||||
<id>relay.nick</id>
|
||||
<label>Nickname</label>
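Review bot: `relay.hostv6` is added without any `<help>`, and the `relay.outboundbind` label and help ("Source IP", "Originate all traffic from this IP") do not say that the field is IPv4-only, although the mask added for it in the model section of this commit accepts nothing but a dotted-quad address. On a multi-homed relay or exit the wrong source address is an operational and attribution problem, so the form should be explicit: `<label>IPv4 Source</label>`, `<help>Originate all IPv4 traffic from this IP</help>`, and for the listener something like `<help>IPv6 address for the additional ORPort; entered without brackets.</help>`.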
|
||||
|
|
|
|||
|
|
@ -64,6 +64,17 @@
|
|||
<debug>Debugging</debug>
|
||||
</OptionValues>
|
||||
</sysloglevel>
|
||||
<scheduler type="OptionField">
|
||||
<Required>Y</Required>
|
||||
<multiple>N</multiple>
|
||||
<default>KISTLiteVanilla</default>
|
||||
<OptionValues>
|
||||
<KISTLiteVanilla>KISTLite,Vanilla</KISTLiteVanilla>
|
||||
<VanillaKISTLite>Vanilla,KISTLite</VanillaKISTLite>
|
||||
<KISTLite>KISTLite</KISTLite>
|
||||
<Vanilla>Vanilla</Vanilla>
|
||||
</OptionValues>
|
||||
</scheduler>
|
||||
<fascist_firewall type="BooleanField">
|
||||
<default>0</default>
|
||||
<Required>Y</Required>
|
||||
|
|
|
|||
|
|
@ -8,8 +8,20 @@
|
|||
</enabled>
|
||||
<host type="TextField">
|
||||
<Required>N</Required>
|
||||
<mask>/^(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}|[a-f0-9:]{2,})$/i</mask>
|
||||
<mask>/^([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])$/</mask>
|
||||
</host>
|
||||
<hostv6 type="TextField">
|
||||
<Required>N</Required>
|
||||
<mask>/^[a-f0-9:]{2,}$/i</mask>
|
||||
</hostv6>
|
||||
<outboundbind type="TextField">
|
||||
<Required>N</Required>
|
||||
<mask>/^([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])\.([1-9]?\d|1\d\d|2[0-4]\d|25[0-5])$/</mask>
|
||||
</outboundbind>
|
||||
<outboundbindv6 type="TextField">
|
||||
<Required>N</Required>
|
||||
<mask>/^[a-f0-9:]{2,}$/i</mask>
|
||||
</outboundbindv6>
|
||||
<port type="IntegerField">
|
||||
<default>9001</default>
|
||||
<MinimumValue>0</MinimumValue>
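Review bot: The `hostv6` and `outboundbindv6` masks (`/^[a-f0-9:]{2,}$/i`) only restrict the character set, so values such as `::::` or `ffff` pass validation and are written into torrc, where Tor will presumably refuse them at startup and leave the relay down. The IPv4 fields were tightened to per-octet checks in this same section, so the IPv6 fields deserve a real address check as well; if the model framework has an address-validating field type (OPNsense's `NetworkField` looks like the candidate, to be confirmed for this version), prefer it over a regex. Assuming the masks are evaluated by PCRE, `$` also matches before a trailing newline, so all four new masks should end in `\z` or carry the `D` modifier (`/^[a-f0-9:]{2,}$/iD`) to keep a line break out of the generated config. A `<ValidationMessage>` on each new field would tell the operator which format is expected.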
|
||||
|
|
|
|||
|
|
@ -63,6 +63,18 @@ Log {{ OPNsense.tor.general.sysloglevel }} syslog
|
|||
{% endif %}
|
||||
|
||||
|
||||
{% if OPNsense.tor.general.scheduler == 'KISTLiteVanilla' %}
|
||||
Scheduler KISTLite,Vanilla
|
||||
{% endif %}
|
||||
{% if OPNsense.tor.general.scheduler == 'Vanilla' %}
|
||||
Scheduler Vanilla
|
||||
{% endif %}
|
||||
{% if OPNsense.tor.general.scheduler == 'KISTLite' %}
|
||||
Scheduler KISTLite
|
||||
{% endif %}
|
||||
{% if OPNsense.tor.general.scheduler == 'VanillaKISTLite' %}
|
||||
Scheduler Vanilla,KISTLite
|
||||
{% endif %}
|
||||
|
||||
DataDirectory /var/db/tor
|
||||
|
||||
|
|
@ -125,8 +137,10 @@ HiddenServicePort {{ acl.port}} {{ acl.target_host }}:{{ acl.target_port }}
|
|||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.tor.relay.enabled') and OPNsense.tor.relay.enabled == '1' %}
|
||||
|
||||
ORPort {% if helpers.exists('OPNsense.tor.relay.host') and OPNsense.tor.relay.host != '' %}{{ OPNsense.tor.relay.host }}:{% endif%}{{ OPNsense.tor.relay.port|default('9001') }}
|
||||
{% if helpers.exists('OPNsense.tor.relay.hostv6') and OPNsense.tor.relay.hostv6 != '' %}
|
||||
ORPort [{{ OPNsense.tor.relay.hostv6 }}]:{{ OPNsense.tor.relay.port|default('9001') }}
|
||||
{% endif%}
|
||||
|
||||
{% if helpers.exists('OPNsense.tor.relay.address') and OPNsense.tor.relay.address != '' %}
|
||||
Address {{ OPNsense.tor.relay.address }}
|
||||
|
|
@ -141,6 +155,13 @@ Address {{ OPNsense.tor.relay.address }}
|
|||
#OutboundBindAddressExit 10.0.0.4
|
||||
#OutboundBindAddressOR 10.0.0.5
|
||||
|
||||
{% if helpers.exists('OPNsense.tor.relay.outboundbind') and OPNsense.tor.relay.outboundbind != '' %}
|
||||
OutboundBindAddress {{ OPNsense.tor.relay.outboundbind }}
|
||||
{% endif %}
|
||||
{% if helpers.exists('OPNsense.tor.relay.outboundbindv6') and OPNsense.tor.relay.outboundbindv6 != '' %}
|
||||
OutboundBindAddress {{ OPNsense.tor.relay.outboundbindv6 }}
|
||||
{% endif %}
|
||||
|
||||
{% if helpers.exists('OPNsense.tor.relay.nick') and OPNsense.tor.relay.nick != '' %}
|
||||
Nickname {{ OPNsense.tor.relay.nick }}
|
||||
{% endif %}
|
||||
|
|
@ -172,8 +193,9 @@ RelayBandwidthBurst {{ OPNsense.tor.relay.bandwithburst }} KBytes
|
|||
#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
|
||||
|
||||
{% if helpers.exists('OPNsense.tor.relay.directory_port') and OPNsense.tor.relay.directory_port != '' %}
|
||||
DirPort {{ OPNsense.tor.relay.directory_port }}
|
||||
DirPort {% if helpers.exists('OPNsense.tor.relay.host') and OPNsense.tor.relay.host != '' %}{{ OPNsense.tor.relay.host }}:{% endif%}{{ OPNsense.tor.relay.directory_port }}
|
||||
{% endif %}
|
||||
|
||||
## Uncomment to return an arbitrary blob of html on your DirPort. Now you
|
||||
## can explain what Tor is if anybody wonders why your IP address is
|
||||
## contacting them. See contrib/tor-exit-notice.html in Tor's source
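Review bot: The IPv6 `OutboundBindAddress` line emits the address bare, whereas the Tor manual says IPv6 addresses for this option should be wrapped in square brackets, which the new IPv6 `ORPort` line in this section already does; suggest `OutboundBindAddress [{{ OPNsense.tor.relay.outboundbindv6 }}]`. The reworked `DirPort` line now binds the directory port to `relay.host` whenever that field is set, which quietly changes the listening address for existing relays; a template comment such as `## DirPort follows the IPv4 ORPort address; there is no IPv6 DirPort` would make that intent visible. Both values reach torrc unquoted, so the model masks are the only barrier between form input and the config file.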
|
||||
|
|
|
|||