From c13e9a4227eaeceaf98f75b5b740c8373f716862 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Mon, 29 Apr 2019 15:38:43 -0700 Subject: [PATCH] i2p: Don't enable proxies on external zone - Only web interface (protected by sign-on) should be available on external interfaces. - Proxies should only be available on internal interfaces. Otherwise, they will become open proxies on the Internet which might have implications for the FreedomBox user. - Update description to convey that we are not opening SOCKS proxy but only HTTP, HTTPS and IRC proxies. Signed-off-by: Sunil Mohan Adapa --- plinth/modules/i2p/__init__.py | 32 ++++++++++++++++++++------------ plinth/modules/i2p/views.py | 2 +- 2 files changed, 21 insertions(+), 13 deletions(-) diff --git a/plinth/modules/i2p/__init__.py b/plinth/modules/i2p/__init__.py index 84bd74904..f2ec2bb34 100644 --- a/plinth/modules/i2p/__init__.py +++ b/plinth/modules/i2p/__init__.py @@ -55,6 +55,7 @@ clients = clients group = ('i2p', _('Manage I2P application')) service = None +proxies_service = None manual_page = 'I2P' @@ -71,8 +72,6 @@ tunnels_to_manage = { 'Irc2P': 'i2p-irc-freedombox' } -service_ports = ['http', 'https'] + list(tunnels_to_manage.values()) - def init(): """Intialize the module.""" @@ -80,13 +79,17 @@ def init(): menu.add_urlname(name, 'i2p', 'i2p:index', short_description) register_group(group) - global service + global service, proxies_service setup_helper = globals()['setup_helper'] if setup_helper.get_state() != 'needs-setup': - service = service_module.Service( - managed_services[0], name, ports=service_ports, is_external=True, - is_enabled=is_enabled, enable=enable, disable=disable, - is_running=is_running) + service = service_module.Service(managed_services[0], name, ports=[ + 'http', 'https' + ], is_external=True, is_enabled=is_enabled, enable=enable, + disable=disable, + is_running=is_running) + proxies_service = service_module.Service( + 'i2p-proxies', name, ports=tunnels_to_manage.values(), + is_external=False, is_enabled=is_enabled, is_running=is_running) if is_enabled(): add_shortcut() @@ -114,14 +117,19 @@ def setup(helper, old_version=None): '--value', '0.0.0.0' ]) helper.call('post', enable) - global service + global service, proxies_service if service is None: - service = service_module.Service( - managed_services[0], name, ports=service_ports, is_external=True, - is_enabled=is_enabled, enable=enable, disable=disable, - is_running=is_running) + service = service_module.Service(managed_services[0], name, ports=[ + 'http', 'https' + ], is_external=True, is_enabled=is_enabled, enable=enable, + disable=disable, + is_running=is_running) + proxies_service = service_module.Service( + 'i2p-proxies', name, ports=tunnels_to_manage.values(), + is_external=False, is_enabled=is_enabled, is_running=is_running) helper.call('post', service.notify_enabled, None, True) + helper.call('post', proxies_service.notify_enabled, None, True) helper.call('post', add_shortcut) diff --git a/plinth/modules/i2p/views.py b/plinth/modules/i2p/views.py index ed279a739..00ddc10e5 100644 --- a/plinth/modules/i2p/views.py +++ b/plinth/modules/i2p/views.py @@ -88,7 +88,7 @@ class TunnelsView(ServiceBaseView): _('I2P lets you browse the Internet and hidden services (eepsites) ' 'anonymously. For this, your browser, preferably a Tor Browser, ' 'needs to be configured for a proxy.'), - _('By default HTTP, HTTPS and SOCKS5 proxies are available. Additional ' + _('By default HTTP, HTTPS and IRC proxies are available. Additional ' 'proxies and tunnels may be configured using the tunnel ' 'configuration interface.'), ]