Does whonix have torrents available?

Patrick · August 5, 2020, 8:30pm

Never knew this being an issue.
Documented just now:

Obviously imperfect.

Whonix/whonix-firewall/blob/master/usr/bin/whonix-workstation-firewall#L433-L450


      
          if [ "$TUNNEL_FIREWALL_ALLOW_CONTROL_PORT_FILTER_PROXY" = "true" ]; then
            $iptables_cmd -A OUTPUT -p tcp --dport "$CONTROL_PORT_FILTER_PROXY_PORT" --dst "127.0.0.1" -j ACCEPT
            $iptables_cmd -A OUTPUT -p tcp --dport "$CONTROL_PORT_FILTER_PROXY_PORT" --dst "$GATEWAY_IP" -j ACCEPT
            $iptables_cmd -A OUTPUT -p tcp --dport "$CONTROL_PORT_FILTER_PROXY_PORT" --dst "$GATEWAY_IP_HARDCODED" -j ACCEPT
          fi
          
          if [ "$TUNNEL_FIREWALL_ALLOW_TB_UPDATER" = "true" ]; then
            if [ "$firewall_mode" = "timesync-fail-closed" ]; then
              true
            else
              ## SOCKS_PORT_TBB_DOWNLOAD
              $iptables_cmd -A OUTPUT -p tcp --dport "9115" --dst "$GATEWAY_IP" -j ACCEPT
              $iptables_cmd -A OUTPUT -p tcp --dport "9115" --dst "$GATEWAY_IP_HARDCODED" -j ACCEPT
            fi
          fi
          
          if [ "$TUNNEL_FIREWALL_ALLOW_SYSTEMCHECK" = "true" ]; then
            if [ "$firewall_mode" = "timesync-fail-closed" ]; then

You could comment out that line

$iptables_cmd -A OUTPUT ! -p tcp -j REJECT --reject-with icmp-port-unreachable

from /usr/bin/whonix-workstation-firewall

sudoedit /usr/bin/whonix-workstation-firewall

Make that

#$iptables_cmd -A OUTPUT ! -p tcp -j REJECT --reject-with icmp-port-unreachable

(or delete the whole line)

This change will be lost after whonix-firewall upgrade.

I guess we’ll need a Whonix-Firewall option to allow outgoing UDP?