Qubes/core-agent-linux
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updates-proxy: disable filtering at all

Browse Source 
Since this proxy is used only when explicitly configured in application
(package manager), there is no point in worrying about user
_erroneously_ using web browser through this proxy. If the user really
want to access the network from some other application he/she can always
alter firewall rules for that.

Fixes QubesOS/qubes-issues#1188
This commit is contained in:
Marek Marczykowski-Górecki 2015-11-15 03:57:51 +01:00
parent 5377dc50dc
commit 69bb71bea0
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
3 changed files with 0 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
network/filter-updates
View File

@ -1,19 +0,0 @@
# Yum filters
# -----------------------------------------------------------------------------
/repodata/[A-Za-z0-9-]*\(primary\|filelists\|comps\(-[a-z0-9]*\)\?\|other\|prestodelta\|updateinfo\|pkgtags\)\.\(sqlite\|xml\)\(\.bz2\|\.gz\|\.xz\)\?$
/repodata/repomd\.xml$
\.rpm$
\.drpm$
^mirrors\.fedoraproject\.org:443$
^http://mirrors\..*/mirrorlist\?
# Debian filters
#
# Whonix uses sourceforge to host its repos and url can end in:
# '/' or '/download' or '?.*'
# -----------------------------------------------------------------------------
\.deb\(\|\/\|\/download\|\?.*\)$
/dists/[a-z/-]*/\(InRelease\|Release\|Release.gpg\)\(\|\|/\|\/download\|\?.*\)$
/dists/[a-z/-]*/.*/\(Packages\|Sources\|Release\)\(\|\.gz\|\.bz2\|\.xz\|\.lzma\|\.gpg\)\(\|\|/\|\/download\|\?.*\)$
/dists/[a-z/-]*/.*/\(Contents\|Translation\)-.*\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)\(\|\|/\|\/download\|\?.*\)$
/dists/[a-z/-]*/.*/\(Contents-.*\|Translation-.*\|Packages\)\.diff/\(Index\|[0-9.-]*\)\(\|\.gz\|\.xz\|\.bz2\|\.lzma\)\(\|\|/\|\/download\|\?.*\)$

6
network/tinyproxy-updates.conf
View File

@ -20,11 +20,5 @@ DisableViaHeader Yes
Allow 127.0.0.1 Allow 127.0.0.1
Allow 10.137.0.0/16 Allow 10.137.0.0/16
Filter "/etc/tinyproxy/filter-updates"
FilterURLs On
#FilterExtended On
#FilterCaseSensitive On
FilterDefaultDeny Yes
ConnectPort 443 ConnectPort 443

1
rpm_spec/core-vm.spec
View File

@ -321,7 +321,6 @@ rm -f %{name}-%{version}
%config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf %config(noreplace) /etc/sysctl.d/20_tcp_timestamps.conf
%config(noreplace) /etc/qubes/iptables.rules %config(noreplace) /etc/qubes/iptables.rules
%config(noreplace) /etc/qubes/ip6tables.rules %config(noreplace) /etc/qubes/ip6tables.rules
%config(noreplace) /etc/tinyproxy/filter-updates
%config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf %config(noreplace) /etc/tinyproxy/tinyproxy-updates.conf
%config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules %config(noreplace) /etc/udev/rules.d/50-qubes-misc.rules
%config(noreplace) /etc/udev/rules.d/99-qubes-network.rules %config(noreplace) /etc/udev/rules.d/99-qubes-network.rules