authorMicah Anderson <micah@riseup.net>2017-09-14 10:33:41 -0400
committerMicah Anderson <micah@riseup.net>2017-10-05 19:24:42 -0400
commitfdb58381afa317ab9639dffa59f4155395b68718 (patch)
tree367d5f5723204a4d6888230d5e0e2ada63b562d4 /puppet/modules
parent96f8af37b4a3bbd9a15651e27f588073c0601299 (diff)
Bug: Ensure tor exit is disabled properly
Simply disabling exit policies is not enough to disable an exit node; the exit also needs to be explicitly disabled. This may change in future versions of tor, but for now, explicitly adding 'ExitRelay 0' to the configuration is needed. This fixes #8863.
Diffstat (limited to 'puppet/modules')
-rw-r--r--puppet/modules/site_tor/manifests/disable_exit.pp6
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp
index 078f80ae..85c24bfc 100644
--- a/puppet/modules/site_tor/manifests/disable_exit.pp
+++ b/puppet/modules/site_tor/manifests/disable_exit.pp
@@ -1,7 +1,13 @@
+# ensure that the tor relay is not configured as an exit node
class site_tor::disable_exit {
tor::daemon::exit_policy {
'no_exit_at_all':
reject => [ '*:*' ];
}
+# In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
+ tor::daemon::snippet {
+ 'disable_exit':
+ content => 'ExitRelay 0';
+ }
}
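Review bot: The comment added above the `tor::daemon::snippet` resource describes a possible future Tor default instead of why the setting is needed today, and it sits at column 0 while the resource below it is indented. The commit message gives the real reason, so I would put it next to the code: `# A reject-all ExitPolicy alone does not turn the exit off; ExitRelay 0 disables it explicitly (#8863).` It would also help to say in the class header comment that the `no_exit_at_all` policy is kept on purpose as a second layer, so it is not later removed as redundant. Whether another manifest can still declare an accepting `tor::daemon::exit_policy` or a snippet that sets `ExitRelay` differently is not visible in this hunk, so a check of the generated torrc on a node that includes this class would confirm the result.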