From 505e6a62d22d2256394fb139cddae8e54ed9457c Mon Sep 17 00:00:00 2001
From: Jeremy Rand
Date: Sat, 6 Mar 2021 09:03:54 +0000
Subject: [PATCH] Fix onion-grater profile for Whonix

Wahay sends an IP of 0.0.0.0 to ADD_ONION, which needs to be translated on the Whonix-Gateway to the Workstation IP. (This also reduces attack surface a bit.)
---
 packaging/tails/onion-grater-profile.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/packaging/tails/onion-grater-profile.yml b/packaging/tails/onion-grater-profile.yml
index beb91946..7dfcb453 100644
--- a/packaging/tails/onion-grater-profile.yml
+++ b/packaging/tails/onion-grater-profile.yml
@@ -5,7 +5,10 @@
 - 'amnesia'
 commands:
 ADD_ONION:
- - '.*'
+ # TODO: Make Wahay restrict the local port range it listens on.
+ # Whonix will use 0.0.0.0; most other OS's will use 127.0.0.1.
+ - pattern: 'NEW:(\S+) Port=8181,(?:127.0.0.1|0.0.0.0):(\S+) Port=64738,(?:127.0.0.1|0.0.0.0):(\S+)'
+ replacement: 'NEW:{} Port=8181,{client-address}:{} Port=64738,{client-address}:{} Flags=DiscardPK'
 DEL_ONION:
 - '.+'
 GETINFO:
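Review bot: The address alternation in the new `pattern` leaves its dots unescaped, so `127.0.0.1|0.0.0.0` accepts any character in those positions, and both target-port groups are `(\S+)` rather than digits. Since the replacement rewrites the address to `{client-address}`, the loose address match matters little, but the port groups appear to be copied through as-is, so any whitespace-free string would be forwarded as a target port. I would tighten the line to `- pattern: 'NEW:(\S+) Port=8181,(?:127\.0\.0\.1|0\.0\.0\.0):(\d+) Port=64738,(?:127\.0\.0\.1|0\.0\.0\.0):(\d+)'`, and replace the first `(\S+)` with an explicit alternation if the key types Wahay sends are known. It is also worth confirming that onion-grater matches the pattern against the whole argument string, because nothing on the line itself anchors it.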