Fix onion-grater profile for Whonix

Wahay sends an IP of 0.0.0.0 to ADD_ONION, which needs to be translated on the Whonix-Gateway to the Workstation IP. (This also reduces attack surface a bit.)
digitalautonomy · Mar 6, 2021 · 505e6a6 · 505e6a6
1 parent 9299ae2
commit 505e6a6
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/packaging/tails/onion-grater-profile.yml b/packaging/tails/onion-grater-profile.yml
@@ -5,7 +5,10 @@
     - 'amnesia'
   commands:
     ADD_ONION:
-      - '.*'
+      # TODO: Make Wahay restrict the local port range it listens on.
+      # Whonix will use 0.0.0.0; most other OS's will use 127.0.0.1.
+      - pattern:     'NEW:(\S+) Port=8181,(?:127.0.0.1|0.0.0.0):(\S+) Port=64738,(?:127.0.0.1|0.0.0.0):(\S+)'
+        replacement: 'NEW:{} Port=8181,{client-address}:{} Port=64738,{client-address}:{} Flags=DiscardPK'
     DEL_ONION:
       - '.+'
     GETINFO: