Tor launcher doesn't respect ReachableAddresses

On a fresh copy of tor browser, any included ReachableAddresses rules are removed when the torrc file is overwritten by the tor launcher.

added component::applications/tor launcher owner::brade priority::medium severity::normal status::new type::defect labels

I have a situation where my guard should NOT be on *:80 or *:443. It can be anything else.

I added these 2 lines before starting, but the tor launcher would remove them.

ReachableAddresses reject *:80 ReachableAddresses reject *:443

Trac:
Cc: N/A to mcs

Unfortunately, Tor Launcher does not support reject policies for ReachableAddresses. Also, the initial configuration wizard tries to set ReachableAddresses automatically, which means (as you discovered) values set in torrc will be lost.

The only workaround for now is to avoid using Tor Launcher (both the wizard and the Network Settings window) when you need this kind of policy.

It's difficult to go around this in Tails. Tails calls the Tor Launcher wizard code when the network card connects to the internet, or when the tor process restarts. For now I included explicit iptables (ferm) firewall rules to REJECT debian-tor process outgoing connections to those ports.

moved to tpo/applications/tor-launcher#20315 (closed)