Opened 17 months ago

Last modified 6 months ago

#26889 assigned enhancement

torsocks: option to disable all network traffic

Reported by: ilf Owned by:
Priority: Low Milestone:
Component: Core Tor/Torsocks Version:
Severity: Normal Keywords: torsocks, option, disable network
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I've already talked to dgoulet about this:

I would love an option to make torsocks disable all network traffic. There are many good use cases to run applications without Internet communication. For example, commands in mailcap(4) to display non-text.

This is a classic job for (application) firewalls, but torsocks has all the functionality already, f.e. if used with an invalid --port where no Tor or proxy is actually listening. But this is an ugly hack.

A --disable-network option would be very easy for torsocks, and very useful. Of course, it's low priority.

Child Tickets

Change History (3)

comment:1 Changed 12 months ago by onirony

Status: newneeds_information

One really easy way to implement this would be to have the --disable-network option ask the OS for an unused ephemeral port and set TORSOCKS_TOR_PORT to that.

As you noted, applications like Firejail are pretty much created for exactly this kind of situation, and it's really easy to use:

firejail --net=none [command]

This reminds me of those early-nineties debates between acolytes of the GNU and BSD camps, where GNU created very fully-featured utilities and BSD was creating small utilities that did one thing well.

Anyway, I'll gladly implement this if y'all deem my admittedly-also-pretty-hacky (but also good enough in all plausible scenarios!) ephemeral port solution to be an acceptable approach. Or in the likely event that someone suggests a better way, I'll do it that way.

Last edited 10 months ago by onirony (previous) (diff)

comment:2 Changed 11 months ago by ilf

You are absolutely right, quoting the UNIX philosophy: "Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new 'features'."

As I said, "this is a classic job for (application) firewalls, but torsocks has all the functionality already".

Your approach sounds reasonable, although I'm not sure how complicated checking that the ephemeral port is actually unused is.

I'll leave the decision on this to the authors and maintainers.

comment:3 Changed 6 months ago by gaba

Owner: dgoulet deleted
Status: needs_informationassigned

removing dgoulet from ownership in torsocks component

Note: See TracTickets for help on using tickets.