[tor-relays] torproject fedora bridge recipe fails the firewall part: suggest of update.

Carlos eff_03675549 at posteo.se
Sun Apr 7 21:55:40 UTC 2024


Hi,

The recipe on the torproject page, the way it is displayed, does not allow 
for the firewall to be properly set.
This results in operators new to FEDORA installing Bridges WITHOUT any 
firewall.


This is both because firewalld does not come with most Fedora VPS and 
because firewalld remains inactive when not started, even when enabled.

Please add the lines

sudo dnf install firewalld
sudo systemctl enable firewalld
systemctl start firewalld;
firewall-cmd --add-port TODO1/tcp --permanent
firewall-cmd --add-port TODO2/tcp --permanent
systemctl status firewalld;
firewall-cmd --reload


at the location where firewall-cmd is stated in the existing torproject 
recipe webpage for fedora!


That'd be some progress:).



FOR CLARITY, here is a script that is concise and replicates a 
functional version of the torproject intent on Fedora BRIDGES, for your 
review and open to positive criticism.

dnf update
dnf install dnf-automatic
systemctl enable --now dnf-automatic-install.timer

# Single quotes keep $releasever and $basearch literal, so dnf (not the shell) expands them.
rm -f /etc/yum.repos.d/Tor.repo
echo "[tor]" > /etc/yum.repos.d/Tor.repo
echo 'name=Tor for Fedora $releasever - $basearch' >> /etc/yum.repos.d/Tor.repo
echo 'baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch' >> /etc/yum.repos.d/Tor.repo
echo "enabled=1" >> /etc/yum.repos.d/Tor.repo
echo "gpgcheck=1" >> /etc/yum.repos.d/Tor.repo
echo "gpgkey=https://rpm.torproject.org/fedora/public_gpg.key" >> /etc/yum.repos.d/Tor.repo
echo "cost=100" >> /etc/yum.repos.d/Tor.repo

dnf install tor
dnf install obfs4

rm /etc/tor/torrc
echo "RunAsDaemon 1" > /etc/tor/torrc
echo "BridgeRelay 1" >> /etc/tor/torrc
echo "ORPort TODO1" >> /etc/tor/torrc
echo "ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy" >> /etc/tor/torrc
echo "ServerTransportListenAddr obfs4 yourIPaddress:TODO2" >> /etc/tor/torrc
echo "ExtORPort auto" >> /etc/tor/torrc
echo "AccountingMax 10 TBytes" >> /etc/tor/torrc
echo "AccountingStart day 00:00" >> /etc/tor/torrc
echo "RelayBandwidthBurst 200 MBytes" >> /etc/tor/torrc
echo "RelayBandwidthRate 200 MBytes" >> /etc/tor/torrc
echo "ContactInfo <your-email@example.com>" >> /etc/tor/torrc
echo "Nickname TODO3" >> /etc/tor/torrc

getenforce
setenforce 0
echo "SELINUX=permissive" > /etc/selinux/config
echo "SELINUXTYPE=targeted" >> /etc/selinux/config

sudo dnf install firewalld
sudo systemctl enable firewalld
systemctl start firewalld;
firewall-cmd --add-port TODO1/tcp --permanent
firewall-cmd --add-port TODO2/tcp --permanent
systemctl status firewalld;
firewall-cmd --reload
systemctl enable --now tor

echo "please be prepared to copy-paste the entire (incomplete) bridge-line"

nano /var/db/tor/pt_state/obfs4_bridgeline.txt

echo "please be prepared to copy-paste the ----server's identity key fingerprint------ down for the next step."

echo "the structure to communicate about your bridge will be: "
echo "Bridge obfs4 <yourIPaddress>:TODO2 TODO3 <paste server's identity key fingerprint copied from the next step-to-come> <paste bridge line already copied the previous step>"

sleep 5s

journalctl -e -u tor

Carlos.

updates every second week.

-- 
PGP updated every second week : please actualize our communication every time.
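
The check this message is about (firewalld installed, actually running, and the bridge's ports open), as an added example that is not part of the original message. The function names are hypothetical, and it assumes the ports are TCP and that torrc is at /etc/tor/torrc unless another path is given.

```shell
# Added example, not from the original post. Function names are hypothetical.

# Print the TCP ports a torrc needs opened: ORPort and the port part of
# ServerTransportListenAddr. Non-numeric values such as "auto" are skipped.
torrc_ports() {
    awk '
        function emit(v,   p, n) {
            n = split(v, p, ":")
            if (p[n] ~ /^[0-9]+$/) print p[n]
        }
        $1 == "ORPort"                    { emit($2) }
        $1 == "ServerTransportListenAddr" { emit($3) }
    ' "$1"
}

# $1 is a port list in the format printed by "firewall-cmd --list-ports"
# (e.g. "22/tcp 9001/tcp"); the remaining arguments are the wanted ports.
missing_ports() {
    open_list=" $1 "
    shift
    for port in "$@"; do
        case "$open_list" in
            *" $port/tcp "*) ;;              # listed: nothing to report
            *) echo "$port" ;;               # not listed (ranges are not expanded)
        esac
    done
}

# Live check: firewalld must be installed and running (enabled alone is not
# enough), and the ports must be in both the runtime and permanent config.
check_bridge_firewall() {
    torrc=${1:-/etc/tor/torrc}
    command -v firewall-cmd >/dev/null || { echo "firewalld is not installed"; return 1; }
    [ "$(systemctl is-active firewalld)" = active ] || { echo "firewalld is not running"; return 1; }
    ports=$(torrc_ports "$torrc")
    rc=0
    for scope in "" --permanent; do
        miss=$(missing_ports "$(firewall-cmd $scope --list-ports)" $ports)
        [ -z "$miss" ] || { echo "closed (${scope:-runtime}):" $miss; rc=1; }
    done
    return $rc
}

# Constructed sample torrc (documentation address) for trying the parser offline.
sample_torrc() {
    printf '%s\n' 'BridgeRelay 1' 'ORPort 9001' \
        'ServerTransportListenAddr obfs4 192.0.2.10:8443' 'ExtORPort auto'
}
```

Run `check_bridge_firewall` as root on the bridge after the firewall steps; a non-zero exit means the bridge is unfiltered or its ports are closed.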


