QubesOS/qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

whonix: Lockdown network if not connected to a tor-newvm

Browse Source
This commit is contained in:
Jason Mehring 2014-11-11 13:41:42 -05:00
parent 356f49d779
commit d92d6d1577
4 changed files with 28 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml
View File

@ -7,6 +7,3 @@ update:
<p><B>Tor netvm required for updates!</B></p> <p><B>Tor netvm required for updates!</B></p>
<p>Please ensure your template vm has a Whonix gateway as it's VM.</p> <p>Please ensure your template vm has a Whonix gateway as it's VM.</p>
<p>No updates are possible without an active (running) Whonix gateway VM.</p> <p>No updates are possible without an active (running) Whonix gateway VM.</p>
<p/>
<p><b>Template will now power off</b></p>

15
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup
View File

@ -41,6 +41,19 @@ elif [ "${WHONIX}" == "workstation" ]; then
fi fi
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
# Set secure defaults.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Flush old rules.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Display warning that netvm is not connected to a torvm
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
#sudo /sbin/poweroff
fi fi

3
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml
View File

@ -7,6 +7,3 @@ update:
<p><B>Tor netvm required for updates!</B></p> <p><B>Tor netvm required for updates!</B></p>
<p>Please ensure your template vm has a Whonix gateway as it's VM.</p> <p>Please ensure your template vm has a Whonix gateway as it's VM.</p>
<p>No updates are possible without an active (running) Whonix gateway VM.</p> <p>No updates are possible without an active (running) Whonix gateway VM.</p>
<p/>
<p><b>Template will now power off</b></p>

15
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup
View File

@ -41,6 +41,19 @@ elif [ "${WHONIX}" == "workstation" ]; then
fi fi
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
# Set secure defaults.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
# Flush old rules.
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Display warning that netvm is not connected to a torvm
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
#sudo /sbin/poweroff
fi fi