Hi,
The recipe on the torproject page, the way it is displayed, does not allow for the firewall to be properly set. This results in operators new to FEDORA installing Bridges WITHOUT any firewall.
This is both because firewalld does not come with most Fedora VPS and because firewalld remains inactive when not started, even when enabled.
Please add the lines
    sudo dnf install firewalld
    sudo systemctl enable firewalld
    systemctl start firewalld
    firewall-cmd --add-port TODO1/tcp --permanent
    firewall-cmd --add-port TODO2/tcp --permanent
    systemctl status firewalld
    firewall-cmd --reload
at the location where firewall-cmd is stated in the existing torproject recipe webpage for Fedora!
That'd be some progress :).
FOR CLARITY, here is a script that is concise and replicates a functional version of the torproject intent on Fedora BRIDGES, for your review and open to positive criticism.
    # Update the system and turn on automatic updates
    dnf update
    dnf install dnf-automatic
    systemctl enable --now dnf-automatic-install.timer

    # Write the Tor Project repository definition.
    # Single quotes keep $releasever and $basearch literal so that dnf expands them, not the shell.
    rm -f /etc/yum.repos.d/Tor.repo
    echo "[tor]" > /etc/yum.repos.d/Tor.repo
    echo 'name=Tor for Fedora $releasever - $basearch' >> /etc/yum.repos.d/Tor.repo
    echo 'baseurl=https://rpm.torproject.org/fedora/$releasever/$basearch' >> /etc/yum.repos.d/Tor.repo
    echo "enabled=1" >> /etc/yum.repos.d/Tor.repo
    echo "gpgcheck=1" >> /etc/yum.repos.d/Tor.repo
    echo "gpgkey=https://rpm.torproject.org/fedora/public_gpg.key" >> /etc/yum.repos.d/Tor.repo
    echo "cost=100" >> /etc/yum.repos.d/Tor.repo

    # Install tor and the obfs4 pluggable transport
    dnf install tor
    dnf install obfs4

    # Write the bridge configuration (replace TODO1, TODO2, TODO3, yourIPaddress and the e-mail address)
    rm -f /etc/tor/torrc
    echo "RunAsDaemon 1" > /etc/tor/torrc
    echo "BridgeRelay 1" >> /etc/tor/torrc
    echo "ORPort TODO1" >> /etc/tor/torrc
    echo "ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy" >> /etc/tor/torrc
    echo "ServerTransportListenAddr obfs4 yourIPaddress:TODO2" >> /etc/tor/torrc
    echo "ExtORPort auto" >> /etc/tor/torrc
    echo "AccountingMax 10 TBytes" >> /etc/tor/torrc
    echo "AccountingStart day 00:00" >> /etc/tor/torrc
    echo "RelayBandwidthBurst 200 MBytes" >> /etc/tor/torrc
    echo "RelayBandwidthRate 200 MBytes" >> /etc/tor/torrc
    echo "ContactInfo your-email@example.com" >> /etc/tor/torrc
    echo "Nickname TODO3" >> /etc/tor/torrc

    # Switch SELinux to permissive mode, now and after reboot
    getenforce
    setenforce 0
    echo "SELINUX=permissive" > /etc/selinux/config
    echo "SELINUXTYPE=targeted" >> /etc/selinux/config

    # Install, enable AND start firewalld, then open the two bridge ports
    sudo dnf install firewalld
    sudo systemctl enable firewalld
    systemctl start firewalld
    firewall-cmd --add-port TODO1/tcp --permanent
    firewall-cmd --add-port TODO2/tcp --permanent
    systemctl status firewalld
    firewall-cmd --reload

    # Start the bridge
    systemctl enable --now tor

    echo "please be prepared to copy-paste the entire (incomplete) bridge-line"
    nano /var/db/tor/pt_state/obfs4_bridgeline.txt
    echo "please be prepared to copy-paste the ----server's identity key fingerprint------ down for the next step."
    echo "the structure to communicate about your bridge will be: "
    echo "Bridge obfs4 <yourIPaddress>:TODO2 TODO3 <paste server's identity key fingerprint copied from the next step-to-come> <paste bridge line already copied the previous step>"

    # Give tor a few seconds to start before reading its log
    sleep 5s
    journalctl -e -u tor
Carlos.
updates every second week.
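
Added example, not part of the original post or of the torproject recipe: a shell check for the situation described above (firewalld enabled but not running) that also compares the ports in torrc with the ports firewalld has open. The function names, the `--live`/`--demo` arguments and the sample ports 9001 and 8443 are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Print the TCP ports a bridge torrc listens on (ORPort and obfs4 listener).
torrc_ports() {
    awk '{ k = tolower($1); v = "" }
         k == "orport" { v = $2 }
         k == "servertransportlistenaddr" && $2 == "obfs4" { v = $3 }
         v != "" { n = split(v, a, ":"); if (a[n] ~ /^[0-9]+$/) print a[n] }' "$1"
}

# Print torrc ports missing from a `firewall-cmd --list-ports` style string
# such as "9001/tcp 8443/tcp"; return 1 if any port is missing.
# Simplification: port ranges such as 9000-9100/tcp are not expanded.
missing_ports() {
    local torrc="$1" open=" $2 " port rc=0
    for port in $(torrc_ports "$torrc"); do
        case "$open" in
            *" $port/tcp "*) ;;
            *) echo "$port"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Live audit on the bridge host: catches "enabled but never started".
audit_bridge_firewall() {
    local torrc="${1:-/etc/tor/torrc}" missing
    if [ "$(systemctl is-active firewalld 2>/dev/null)" != "active" ]; then
        echo "FAIL: firewalld is not running, so its rules are not loaded"
        return 2
    fi
    if missing=$(missing_ports "$torrc" "$(firewall-cmd --list-ports)"); then
        echo "OK: firewalld is active and all torrc ports are open"
    else
        echo "FAIL: not open in firewalld:" $missing
        return 1
    fi
}

# Constructed sample (offline): ORPort is open, the obfs4 port is not.
demo() {
    local t rc=0
    t=$(mktemp)
    printf '%s\n' 'BridgeRelay 1' 'ORPort 9001' \
        'ServerTransportListenAddr obfs4 0.0.0.0:8443' 'ExtORPort auto' > "$t"
    missing_ports "$t" "9001/tcp 22/tcp" || rc=$?
    rm -f "$t"; return "$rc"
}

case "${1:-}" in --live) audit_bridge_firewall "${2:-}" ;; --demo) demo ;; esac
```

Run it with `--live` on the bridge host after `firewall-cmd --reload`; `--demo` runs the constructed sample and prints the port that is not open.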