(Manually overwrote this with tor-controlport-filter-merger.d in my tests.)
In /lib/systemd/system/tor-controlport-filter.service.d/30_cpfpy.conf please add above ExecStart=:
ExecStartPre=/usr/lib/tor-controlport-filter-merger
This needs some debugging. Fails for an unknown reason.
sudo service tor-controlport-filter restart
Job for tor-controlport-filter.service failed because the control process exited with error code.
See "systemctl status tor-controlport-filter.service" and "journalctl -xe" for details.
sudo service tor-controlport-filter status
● tor-controlport-filter.service - Tor control port filter proxy
Loaded: loaded (/lib/systemd/system/tor-controlport-filter.service; enabled; vendor preset: enabled)
Drop-In: /lib/systemd/system/tor-controlport-filter.service.d
└─30_cpfpy.conf, 30_whonix_cpfpy.conf
Active: failed (Result: exit-code) since Tue 2017-01-31 21:10:56 UTC; 944ms ago
Docs: Tails - Design: specification and implementation
Process: 10297 ExecStartPre=/usr/lib/tor-controlport-filter-merger (code=exited, status=1/FAILURE)
Main PID: 9346 (code=killed, signal=TERM)
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Control process exited, code=exited status=1
Jan 31 21:10:56 host systemd[1]: Failed to start Tor control port filter proxy.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Unit entered failed state.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Failed with result 'exit-code'.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Service hold-off time over, scheduling restart.
Jan 31 21:10:56 host systemd[1]: Stopped Tor control port filter proxy.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Start request repeated too quickly.
Jan 31 21:10:56 host systemd[1]: Failed to start Tor control port filter proxy.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Unit entered failed state.
Jan 31 21:10:56 host systemd[1]: tor-controlport-filter.service: Failed with result 'exit-code'.
Did run the merger and filter manually… Might have found a bug. Added 40_ricochet.yml and 30_whonix.yml. The resulting 30_autogenerated.yml …
cat /etc/tor-controlport-filter.d/30_autogenerated.yml
## This file is part of Whonix.
## Manual edits to this file will be lost!
## This file has been auto generated by...
---
- commands:
    ADD_ONION:
    - pattern: NEW:(\S+) Port=9878,\S+:(\S+)
      replacement: NEW:{} Port=9878,{client-address}:{}
    - pattern: (\S+):(\S+) Port=9878,\S+:(\S+)
      replacement: '{}:{} Port=9878,{client-address}:{}'
    DEL_ONION:
    - .+
    GETCONF:
    - DisableNetwork
    GETINFO:
    - pattern: status/circuit-established status/bootstrap-phase net/listeners/socks
      response:
      - pattern: 250-status/bootstrap-phase=*
        replacement: 250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done
          SUMMARY="Done"
      - pattern: 250-net/listeners/socks=".*"
        replacement: 250-net/listeners/socks="127.0.0.1:9150"
    - status/circuit-established
    - version
    - pattern: net/listeners/socks
      response:
      - pattern: 250-net/listeners/socks=".*"
        replacement: 250-net/listeners/socks="127.0.0.1:9150"
    SIGNAL:
    - NEWNYM
  confs:
    __owningcontrollerprocess: null
  events:
    CONF_CHANGED:
      suppress: true
    SIGNAL:
      suppress: true
    STATUS_CLIENT:
      suppress: true
  match-exe-paths: '*'
  match-hosts:
  - '*'
  match-users: '*'
  name: 'merged_filter_files: 40_ricochet.yml 30_whonix.yml'
The filter does not work with that.
sudo -u tor-controlport-filter /usr/lib/tor-controlport-filter --debug --listen-interface eth1
IP address for interface eth1 : 10.137.11.1
Tor control port filter started, listening on 10.137.11.1:9051
10.137.11.80:42806 (filter: None) connected: loaded filter: None
Final rules:
commands: {}
events: {}
restrict-stream-events: false