Bug: Ensure tor exit is disabled properly

Simply disabling exit policies is not enough to disable an exit node, it also needs to be explicitly disabled. This may change in future versions of tor, but for now, explicitly adding 'ExitRelay 0' to the configuration is needed. This fixes #8863.
author: Micah Anderson <micah@riseup.net> 2017-09-14 10:33:41 -0400
committer: Micah Anderson <micah@riseup.net> 2017-10-05 19:24:42 -0400
commit: fdb58381afa317ab9639dffa59f4155395b68718 (patch)
tree: 367d5f5723204a4d6888230d5e0e2ada63b562d4 /puppet
parent: 96f8af37b4a3bbd9a15651e27f588073c0601299 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/puppet/modules/site_tor/manifests/disable_exit.pp b/puppet/modules/site_tor/manifests/disable_exit.pp
index 078f80ae..85c24bfc 100644
--- a/puppet/modules/site_tor/manifests/disable_exit.pp
+++ b/puppet/modules/site_tor/manifests/disable_exit.pp
@@ -1,7 +1,13 @@
+# ensure that the tor relay is not configured as an exit node
 class site_tor::disable_exit {
   tor::daemon::exit_policy {
     'no_exit_at_all':
       reject => [ '*:*' ];
   }
+# In a future version of Tor, ExitRelay 0 may become the default when no ExitPolicy is given.
+  tor::daemon::snippet {
+    'disable_exit':
+      content => 'ExitRelay 0';
+  }
 }
author	Micah Anderson <micah@riseup.net>	2017-09-14 10:33:41 -0400
committer	Micah Anderson <micah@riseup.net>	2017-10-05 19:24:42 -0400
commit	fdb58381afa317ab9639dffa59f4155395b68718 (patch)
tree	367d5f5723204a4d6888230d5e0e2ada63b562d4 /puppet
parent	96f8af37b4a3bbd9a15651e27f588073c0601299 (diff)