Yggdrasil in WS - Custom IPv6 settings

ZeroFlag · April 15, 2022, 9:02am

I installed Yggdrasil (connects over Tor) in Whonix WS. The setup needs IPv6 firewall rules to allow tun0 traffic. This works well when I load the rules manually. Now I want to make them load automatically on startup and when running “Reload Firewall” from the menu. Where is the correct place in Whonix WS to put custom IPv6 rules?

Patrick · April 15, 2022, 5:01pm

iptables to my knowledge isn’t really “plugin friendly”.

Whonix at time of writing doesn’t have a feature to easily add custom firewall rules. You’d have to invent such a mechanism yourself such as with a custom systemd unit that runs after whonix-firewall.service. Maybe a systemd drop-in would work.

Added to wiki just now:

Additional User Custom Firewall Rules

Information for developers:

related package:

related source code file:

genmkfile has a function which might be useful to port to whonxi-firewall. Function make_function_run has a:

_hook_pre, and a
_hook_post

might be helpful.

github.com

Kicksecure/genmkfile/blob/master/usr/share/genmkfile/make-helper-one.bsh#L1684-L1702


      
                         ## Skipping files such as .dpkg-old and .dpkg-dist.
                         if ( echo "$i" | grep -q ".dpkg-" ); then
                            true "skip $i"
                            continue
                         fi
                         bash -n "$i"
                         source "$i"
                      fi
                   done
                fi
             done
          }
          
          
make_function_run() {
             local function_name function_name_return_code
             function_name="$1"
             shift
             if type -t "${function_name}_hook_pre" >/dev/null ; then
                "${function_name}_hook_pre" "$@"

Patches welcome.