From 69bb71bea006220ff17117f5b319cbbc2a87e918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sun, 15 Nov 2015 03:57:51 +0100 Subject: [PATCH] updates-proxy: disable filtering at all Since this proxy is used only when explicitly configured in application (package manager), there is no point in worrying about user _erroneously_ using web browser through this proxy. If the user really want to access the network from some other application he/she can always alter firewall rules for that. Fixes QubesOS/qubes-issues#1188 --- network/filter-updates | 19 ------------------- network/tinyproxy-updates.conf | 6 ------ rpm_spec/core-vm.spec | 1 - 3 files changed, 26 deletions(-) delete mode 100644 network/filter-updates diff --git a/network/filter-updates b/network/filter-updates deleted file mode 100644 index 3b0c6fd..0000000 --- a/network/filter-updates +++ /dev/null @@ -1,19 +0,0 @@ -# Yum filters -# ----------------------------------------------------------------------------- -/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\|\.xz\)\?$ -/repodata/repomd\.xml$ -\.rpm$ -\.drpm$ -^mirrors\.fedoraproject\.org:443$ -^http://mirrors\..*/mirrorlist\? - -# Debian filters -# -# Whonix uses sourceforge to host its repos and url can end in: -# '/' or '/download' or '?.*' -# ----------------------------------------------------------------------------- -\.deb\(\|\/\|\/download\|\?.*\)$ -/dists/[a-z/-]*/\(InRelease\|Release\|Release.gpg\)\(\|\|/\|\/download\|\?.*\)$ -/dists/[a-z/-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.gpg\)\(\|\|/\|\/download\|\?.*\)$ -/dists/[a-z/-]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)\(\|\|/\|\/download\|\?.*\)$ -/dists/[a-z/-]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)\(\|\|/\|\/download\|\?.*\)$ diff --git a/network/tinyproxy-updates.conf b/network/tinyproxy-updates.conf index d4d25e8..d2a260a 100644 --- a/network/tinyproxy-updates.conf +++ b/network/tinyproxy-updates.conf @@ -20,11 +20,5 @@ DisableViaHeader Yes Allow 127.0.0.1 Allow 10.137.0.0/16 - -Filter "/etc/tinyproxy/filter-updates" -FilterURLs On -#FilterExtended On -#FilterCaseSensitive On -FilterDefaultDeny Yes ConnectPort 443 diff --git a/rpm_spec/core-vm.spec b/rpm_spec/core-vm.spec index 277ede8..affddae 100644 --- a/rpm_spec/core-vm.spec +++ b/rpm_spec/core-vm.spec @@ -321,7 +321,6 @@ rm -f %{name}-%{version} %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf %config(noreplace) /etc/qubes/iptables.rules %config(noreplace) /etc/qubes/ip6tables.rules -%config(noreplace) /etc/tinyproxy/filter-updates %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules