[tor-relays] torproject fedora bridge recipe fails the firewall part: suggest of update.
Carlos
eff_03675549 at posteo.se
Sun Apr 7 21:55:40 UTC 2024
Hi,
the recipe on the torproject page the way it is displayed does not allow
for the firewall to be properly set.
This results in operators new to FEDORA installing Bridges WITHOUT any
firewall.
This is both because firewalld does not come in with most fedora VPS and
because firewalld remains inactive when not started even when enabled.
Please add the lines
sudo dnf install firewalld
sudo systemctl enable firewalld
systemctl start firewalld;
firewall-cmd --add-port TODO1/tcp --permanent
firewall-cmd --add-port TODO2/tcp --permanent
systemctl status firewalld;
firewall-cmd --reload
at the location where firewall-cmd is stated in the existing torproject
recipe webpage for fedora!
That'd be some progress:).
FOR CLARITY, here is a script that is concise and replicates a
functional version of the torproject intent on fedora BRIDGES, for your
review and open to positive criticism.
dnf update
dnf install dnf-automatic
systemctl enable --now dnf-automatic-install.timer
rm /etc/yum.repos.d/Tor.repo
echo "[tor]" > /etc/yum.repos.d/Tor.repo
# single quotes keep $releasever and $basearch literal so dnf expands them, not the shell
echo 'name=Tor for Fedora $releasever - $basearch' >> /etc/yum.repos.d/Tor.repo
echo 'baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch' >> /etc/yum.repos.d/Tor.repo
echo "enabled=1" >> /etc/yum.repos.d/Tor.repo
echo "gpgcheck=1" >> /etc/yum.repos.d/Tor.repo
echo "gpgkey=https://rpm.torproject.org/fedora/public_gpg.key" >> /etc/yum.repos.d/Tor.repo
echo "cost=100" >> /etc/yum.repos.d/Tor.repo
dnf install tor
dnf install obfs4
rm /etc/tor/torrc
echo "RunAsDaemon 1" > /etc/tor/torrc
echo "BridgeRelay 1" >> /etc/tor/torrc
echo "ORPort TODO1" >> /etc/tor/torrc
echo "ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy" >> /etc/tor/torrc
echo "ServerTransportListenAddr obfs4 yourIPaddress:TODO2" >> /etc/tor/torrc
echo "ExtORPort auto" >> /etc/tor/torrc
echo "AccountingMax 10 TBytes" >> /etc/tor/torrc
echo "AccountingStart day 00:00" >> /etc/tor/torrc
echo "RelayBandwidthBurst 200 MBytes" >> /etc/tor/torrc
echo "RelayBandwidthRate 200 MBytes" >> /etc/tor/torrc
echo "ContactInfo <your-email at example.com>" >> /etc/tor/torrc
echo "Nickname TODO3" >> /etc/tor/torrc
getenforce
setenforce 0
echo "SELINUX=permissive" > /etc/selinux/config
echo "SELINUXTYPE=targeted" >> /etc/selinux/config
sudo dnf install firewalld
sudo systemctl enable firewalld
systemctl start firewalld;
firewall-cmd --add-port TODO1/tcp --permanent
firewall-cmd --add-port TODO2/tcp --permanent
systemctl status firewalld;
firewall-cmd --reload
systemctl enable --now tor
echo "please be prepared to copy-paste the entire (incomplete) bridge-line"
nano /var/db/tor/pt_state/obfs4_bridgeline.txt
echo "please be prepared to copy-paste the ----server's identity key fingerprint------ down for the next step."
echo "the structure to communicate about your bridge will be: "
echo "Bridge obfs4 <yourIPaddress>:TODO2 TODO3 <paste server's identity key fingerprint copied from the next step-to-come> <paste bridge line already copied the previous step>"
sleep 5s
journalctl -e -u tor
Carlos.
updates every second week.
--
PGP updated every second week : please actualize our communication every time.
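
The failure mode described in the message above (firewalld enabled but not started, or a port added with --permanent and never reloaded) can be checked after the firewall step. This is an added example, not part of the original post or the Tor Project guide; the function name check_bridge_firewall and the SYSTEMCTL / FIREWALL_CMD override variables are assumptions of this example.

```sh
#!/bin/sh
# Added example: verify the state the post's firewall commands should produce.
# SYSTEMCTL and FIREWALL_CMD are override hooks (an assumption of this example)
# so the check can be exercised without a live firewalld.
SYSTEMCTL="${SYSTEMCTL:-systemctl}"
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# check_bridge_firewall PORT...
# Prints one finding per line and returns the number of problems found
# (0 means firewalld is running and every port is open in both configs).
check_bridge_firewall() {
    cbf_problems=0
    # "enabled" only decides what happens at boot; "active" is what filters now.
    if ! "$SYSTEMCTL" is-enabled --quiet firewalld; then
        echo "FAIL firewalld is not enabled (will not start at boot)"
        cbf_problems=$((cbf_problems + 1))
    fi
    if ! "$SYSTEMCTL" is-active --quiet firewalld; then
        echo "FAIL firewalld is not running: no rules are being enforced"
        cbf_problems=$((cbf_problems + 1))
        return "$cbf_problems"   # port queries need the running daemon
    fi
    for cbf_port in "$@"; do
        # --permanent only writes the saved config; the runtime rule set
        # changes after --reload, so both are queried.
        if ! "$FIREWALL_CMD" --permanent --query-port="$cbf_port/tcp" >/dev/null; then
            echo "FAIL $cbf_port/tcp missing from permanent config"
            cbf_problems=$((cbf_problems + 1))
        fi
        if ! "$FIREWALL_CMD" --query-port="$cbf_port/tcp" >/dev/null; then
            echo "FAIL $cbf_port/tcp not open at runtime (firewall-cmd --reload)"
            cbf_problems=$((cbf_problems + 1))
        fi
    done
    if [ "$cbf_problems" -eq 0 ]; then
        echo "OK firewalld active, ports open: $*"
    fi
    return "$cbf_problems"
}

# When run with arguments, check the live system: pass the ORPort and the
# obfs4 port (TODO1 and TODO2 in the post) as the arguments.
if [ "$#" -gt 0 ]; then
    check_bridge_firewall "$@"
fi
```

Run it as root once the firewall commands have been executed; a non-zero exit status is the number of findings.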