From 4f85076a2bd9229054144929ba51b8227081b896 Mon Sep 17 00:00:00 2001
From: Ben Busby
Date: Thu, 29 Dec 2022 16:08:40 -0700
Subject: [PATCH] Restrict Tor outbound ports w/ `WHOOGLE_TOR_FF`
Setting `WHOOGLE_TOR_FF` will attempt to modify the existing torrc file with the "FascistFirewall 1" config, which restricts outbound ports to reachable values.
Fixes #907
---
 misc/tor/start-tor.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/misc/tor/start-tor.sh b/misc/tor/start-tor.sh
index 372e214..8d77ee6 100755
--- a/misc/tor/start-tor.sh
+++ b/misc/tor/start-tor.sh
@@ -1,10 +1,27 @@
 #!/bin/sh
+FF_STRING="FascistFirewall 1"
+
 if [ "$WHOOGLE_TOR_SERVICE" == "0" ]; then
 echo "Skipping Tor startup..."
 exit 0
 fi
+if [ "$WHOOGLE_TOR_FF" == "1" ]; then
+ if (grep -q "$FF_STRING" /etc/tor/torrc); then
+ echo "FascistFirewall feature already enabled."
+ else
+ echo "$FF_STRING" >> /etc/tor/torrc
+
+ if [ "$?" -eq 0 ]; then
+ echo "FascistFirewall added to /etc/tor/torrc"
+ else
+ echo "ERROR: Unable to modify /etc/tor/torrc with $FF_STRING."
+ exit 1
+ fi
+ fi
+fi
+
 if [ "$(whoami)" != "root" ]; then
 tor -f /etc/tor/torrc
 else
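Review bot: The `grep -q "$FF_STRING" /etc/tor/torrc` check matches the string anywhere in a line, so a commented-out `#FascistFirewall 1` makes the script print "already enabled" and skip the append while the option is not actually in effect; matching the whole line, `if grep -qxF -- "$FF_STRING" /etc/tor/torrc; then`, avoids that. The new `[ "$WHOOGLE_TOR_FF" == "1" ]` test repeats the `==` already used above under `#!/bin/sh`; that operator is not POSIX, and on a shell whose `[` rejects it the test errors out and the setting is silently ignored, so `[ "$WHOOGLE_TOR_FF" = "1" ]` is safer. The separate `$?` check can be folded into `if ! echo "$FF_STRING" >> /etc/tor/torrc; then`, with the error message sent to stderr. The script continues past the end of the hunk, so how the root branch starts Tor is not visible here.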