summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/etc/ferm/ferm.conf
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-includes/etc/ferm/ferm.conf')
-rw-r--r--config/chroot_local-includes/etc/ferm/ferm.conf11
1 files changed, 8 insertions, 3 deletions
diff --git a/config/chroot_local-includes/etc/ferm/ferm.conf b/config/chroot_local-includes/etc/ferm/ferm.conf
index 798e1fd..48e6593 100644
--- a/config/chroot_local-includes/etc/ferm/ferm.conf
+++ b/config/chroot_local-includes/etc/ferm/ferm.conf
@@ -52,16 +52,16 @@ domain ip {
}
# White-list access to Tor's ControlPort
- daddr 127.0.0.1 proto tcp dport 9051 {
- mod owner uid-owner tor-launcher ACCEPT;
+ daddr 127.0.0.1 proto tcp dport 9052 {
# Needed by a workaround in tordate (NM's 20-time.sh hook)
# for temporarily changing Tor's logging severity.
mod owner uid-owner root ACCEPT;
}
# White-list access to the Tor control port filter
- daddr 127.0.0.1 proto tcp dport 9052 {
+ daddr 127.0.0.1 proto tcp dport 9051 {
mod owner uid-owner $amnesia_uid ACCEPT;
+ mod owner uid-owner tor-launcher ACCEPT;
}
# White-list access to Tor's TransPort
@@ -126,6 +126,11 @@ domain ip {
daddr 127.0.0.1 proto tcp syn dport 6136 {
mod owner uid-owner $amnesia_uid ACCEPT;
}
+
+ # White-list access to OnionShare
+ daddr 127.0.0.1 proto tcp syn dport 17600:17650 {
+ mod owner uid-owner amnesia ACCEPT;
+ }
}
# clearnet is allowed to connect to any TCP port via the