authorTails developers <amnesia@boum.org>2015-02-09 12:51:37 +0100
committerTails developers <amnesia@boum.org>2015-02-09 12:53:19 +0100
commit838ed1d325f3ed5b84890be48e89cd9dcf567669 (patch)
tree3f1dc75db2855d3c088dc077f8223dc05932f954
parent5a80b5342680e85cbec0c5cad4bbfcc36472cd9d (diff)
Make sure we only REDIRECT traffic to the .onion space to Tor's TransPort.
-rw-r--r--features/step_definitions/tor.rb6
1 files changed, 5 insertions, 1 deletions
diff --git a/features/step_definitions/tor.rb b/features/step_definitions/tor.rb
index a523d92..9446482 100644
--- a/features/step_definitions/tor.rb
+++ b/features/step_definitions/tor.rb
@@ -114,6 +114,7 @@ end
Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DNSPort$/ do
next if @skip_steps_while_restoring_background
+ tor_onion_addr_space = "127.192.0.0/10"
iptables_nat_output = @vm.execute_successfully("iptables -t nat -L -n -v").stdout
chains = iptables_parse(iptables_nat_output)
chains.each_pair do |name, chain|
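Review bot: The literal `"127.192.0.0/10"` assigned to `tor_onion_addr_space` at the top of the step has no comment saying where the range is defined, so the test can silently drift from the configuration it is meant to verify. It presumably mirrors the range Tor maps .onion names into (the `VirtualAddrNetwork` / `VirtualAddrNetworkIPv4` torrc setting) and the matching firewall rule; that should be confirmed and recorded, for example `# Must equal Tor's VirtualAddrNetwork and the destination of the firewall's TransPort REDIRECT rule`. The value is later compared as an exact string against `iptables -L -n` output, so the comment should also say it is written in the form iptables prints it. The step body continues past the end of this hunk.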
@@ -122,7 +123,10 @@ Then /^the firewall's NAT rules only redirect traffic for Tor's TransPort and DN
good_rules = rules.find_all do |rule|
rule["target"] == "REDIRECT" &&
(
- rule["extra"] == "redir ports 9040" ||
+ (
+ rule["destination"] == tor_onion_addr_space &&
+ rule["extra"] == "redir ports 9040"
+ ) ||
rule["extra"] == "udp dpt:53 redir ports 5353"
)
end
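Review bot: The DNSPort branch of the `find_all` condition still accepts a REDIRECT rule on `rule["extra"]` alone, so after this change only the TransPort branch is pinned to a destination. If the firewall's DNS redirect is meant to apply to a fixed destination, the same kind of check belongs there; if DNS to any destination is redirected on purpose, a comment such as `# DNS is redirected whatever the destination, so only "extra" is compared` would make that explicit. Neither branch looks at the other columns of the rule (source, protocol, interface), so a REDIRECT with the expected `extra` text but a different match in those columns would still count as good, assuming `iptables_parse` exposes them. How `good_rules` is used lies outside the hunk.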