Opened 3 years ago

Last modified 3 years ago

#20315 new defect

Tor launcher doesn't respect ReachableAddresses

Reported by: cypherpunks
Owned by: brade
Priority: Medium
Milestone:
Component: Applications/Tor Launcher
Version:
Severity: Normal
Keywords:
Cc: mcs
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

On a fresh copy of Tor Browser, any included ReachableAddresses rules are removed when the torrc file is overwritten by the Tor Launcher.

Change History (4)

comment:1 Changed 3 years ago by cypherpunks

I have a situation where my guard should NOT be on *:80 or *:443. It can be anything else.

I added these 2 lines before starting, but the Tor Launcher would remove them.

ReachableAddresses reject *:80
ReachableAddresses reject *:443

comment:2 Changed 3 years ago by mcs

Cc: mcs added

comment:3 Changed 3 years ago by mcs

Unfortunately, Tor Launcher does not support reject policies for ReachableAddresses. Also, the initial configuration wizard tries to set ReachableAddresses automatically, which means (as you discovered) values set in torrc will be lost.

The only workaround for now is to avoid using Tor Launcher (both the wizard and the Network Settings window) when you need this kind of policy.

comment:4 Changed 3 years ago by cypherpunks

It's difficult to go around this in Tails. Tails calls the Tor Launcher wizard code when the network card connects to the internet, or when the tor process restarts. For now I included explicit iptables (ferm) firewall rules to REJECT debian-tor process outgoing connections to those ports.
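
A check for the behaviour reported in this ticket, as an added example that is not part of the ticket or of Tor Launcher's code: it parses torrc text and reports which required ReachableAddresses reject rules are no longer present after a rewrite. The function names and both sample torrc texts are constructed for illustration; the "after" sample is not captured Tor Launcher output.

```python
# Added example: verify ReachableAddresses reject rules survive a torrc rewrite.
REQUIRED_REJECTS = ["*:80", "*:443"]  # the two rules from comment:1

# Constructed sample: torrc as edited by hand before first start.
TORRC_BEFORE = """\
# local policy
ReachableAddresses reject *:80
ReachableAddresses reject *:443
"""

# Constructed sample (not real Tor Launcher output): the reject rules are
# gone and only an accept-style line remains.
TORRC_AFTER = """\
ReachableAddresses *:80,*:443
"""

def reachable_policies(torrc_text):
    """Return (action, pattern) pairs from every ReachableAddresses line.

    Option names are matched case-insensitively, '#' comments are dropped,
    and an entry without a keyword counts as "accept" (tor's documented
    default). Backslash line continuations are not handled.
    """
    policies = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2 or parts[0].lower() != "reachableaddresses":
            continue
        for item in parts[1].split(","):
            words = item.split()
            if not words:
                continue
            if len(words) > 1 and words[0].lower() in ("accept", "reject"):
                policies.append((words[0].lower(), words[1]))
            else:
                policies.append(("accept", words[0]))
    return policies

def missing_rejects(torrc_text, required=REQUIRED_REJECTS):
    """List the required reject patterns that torrc_text no longer carries."""
    present = {pat for action, pat in reachable_policies(torrc_text)
               if action == "reject"}
    return [pat for pat in required if pat not in present]

if __name__ == "__main__":
    for name, text in (("before", TORRC_BEFORE), ("after", TORRC_AFTER)):
        lost = missing_rejects(text)
        print(name, "OK" if not lost else "missing reject rules: %s" % lost)
```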