how to unset firewall array

Reminds me… On variable initialization generally…


whonix-gateway-firewall is currently only using this style:

   ## Socks Ports for per application circuits.
   ## SOCKS_PORT_TOR_DEFAULT
   INTERNAL_OPEN_PORTS+=" 9050 "
   ## SOCKS_PORT_TB
   INTERNAL_OPEN_PORTS+=" 9100 "
   ## SOCKS_PORT_IRC
   INTERNAL_OPEN_PORTS+=" 9101 "

I liked that style because nobody was asking how to remove any such ports ever and because then each port could be easily commented.

It’s run in function variables_defaults. But function source_config_folder runs before that. Therefore you cannot unset it in config, but no worries, you can do it another way. On top of it there is:

   if [ ! "$WORKSTATION_ALLOW_SOCKSIFIED" = "1" ]; then
      return 0
   fi

So in the gateway firewall config just set:

   WORKSTATION_ALLOW_SOCKSIFIED=0

As a result, no INTERNAL_OPEN_PORTS will be set at all. Then it would be up to the user to configure INTERNAL_OPEN_PORTS or not use any of these ports.

How does that sound?

WORKSTATION_ALLOW_SOCKSIFIED=0 already has the same purpose, good?

Then we’d have to check if that variable is unset versus set to "" (empty). Would also be interesting. Contributions welcome.

If WORKSTATION_ALLOW_SOCKSIFIED=0 is set, it would for sure be good to have an info message for that.

Disable Transparent Proxying?
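
The unset-versus-empty check discussed above, as an added sketch that is not whonix-gateway-firewall code: it simulates the config being sourced before the defaults run and only applies the default SOCKS ports when the config left INTERNAL_OPEN_PORTS unset. The names demo_variables_defaults and resolve_ports are hypothetical, the default of 1 for WORKSTATION_ALLOW_SOCKSIFIED is an assumption, and plain assignment is used instead of += so it runs in any POSIX sh.

```shell
#!/bin/sh
# Added example; hypothetical stand-in for the defaults step, not project code.
demo_variables_defaults() {
   # Guard as shown on the page; assumed default is 1 when the config is silent.
   if [ ! "${WORKSTATION_ALLOW_SOCKSIFIED-1}" = "1" ]; then
      return 0
   fi
   # ${VAR+x} expands to "x" when VAR is set, even to "", and to nothing
   # when VAR is unset. A config value (including "") is left untouched.
   if [ -n "${INTERNAL_OPEN_PORTS+x}" ]; then
      return 0
   fi
   INTERNAL_OPEN_PORTS=""
   ## SOCKS_PORT_TOR_DEFAULT
   INTERNAL_OPEN_PORTS="$INTERNAL_OPEN_PORTS 9050 "
   ## SOCKS_PORT_TB
   INTERNAL_OPEN_PORTS="$INTERNAL_OPEN_PORTS 9100 "
   ## SOCKS_PORT_IRC
   INTERNAL_OPEN_PORTS="$INTERNAL_OPEN_PORTS 9101 "
}

# resolve_ports CONFIG: evaluate a constructed config snippet first (as the
# config folder is sourced first), then run the defaults, then report the
# result. The body is a subshell so scenarios cannot affect each other.
resolve_ports() (
   unset INTERNAL_OPEN_PORTS WORKSTATION_ALLOW_SOCKSIFIED
   eval "$1"
   demo_variables_defaults
   if [ -z "${INTERNAL_OPEN_PORTS+x}" ]; then
      echo "unset"
   elif [ -z "$INTERNAL_OPEN_PORTS" ]; then
      echo "empty"
   else
      # Unquoted on purpose: collapses the padding spaces between ports.
      echo $INTERNAL_OPEN_PORTS
   fi
)

# Constructed config snippets covering the cases from the discussion.
for cfg in '' 'INTERNAL_OPEN_PORTS=""' 'INTERNAL_OPEN_PORTS=" 9050 "' \
           'WORKSTATION_ALLOW_SOCKSIFIED=0'; do
   printf '%-32s -> %s\n' "config: ${cfg:-<nothing>}" "$(resolve_ports "$cfg")"
done
```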