Last update: March 17, 2019. This website uses cookies. By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. More information

 Actions

Whonix Configuration Files

.d Style Configuration Folders[edit]

When you are editing configuration files, when available, it is recommended to prefer editing .d style configuration folders to avoid the disadvantage of ordinary configuration files.

This applies to Whonix as well as most, if not all, other Debian based Linux distributions.

Most of Whonix's packages provide flexible .d style configuration folders that work like other .d style configuration folders.

  • /etc/whonix.d
  • /etc/whonix_firewall.d
  • /etc/controlportfilt.d (Only up to Whonix-Gateway 9.)
  • /etc/cpfpy.d (Only on Whonix-Gateway 10 and above.)
  • /etc/whonix_buildconfig.d (Only if you build from source code.)
  • /etc/sdwdate.d
  • /etc/uwt.d

We'll explain it using an example. For example, /etc/whonix_firewall.d/30_default.conf says.

## Please use "/etc/whonix_firewall.d/50_user.conf" for your custom configuration,
## which will override the defaults found here. When Whonix is updated, this 
## file may be overwritten.

The same in other words.

## Instead of editing this file, please create and use the file
## "/etc/whonix_firewall.d/50_user.conf". When Whonix is updated, 
## "/etc/whonix_firewall.d/30_default.conf" will be overwritten. Files in folder 
## "/etc/whonix_firewall.d/" are sourced in alphabetical order. Anything in 
## "/etc/whonix_firewall.d/50_user.conf" will always override the defaults,
## allowing the user to keep their settings after updating Whonix.

The same yet in other words... Files in .d folders are usually sourced in lexical order. That means, files named 30_... will always get overruled by files named 50_....

For example, directly editing /etc/whonix_firewall.d/30_default.conf is recommended against. This is because, next time Whonix gets updated, /etc/whonix_firewall.d/30_default may get new settings and improved settings. You would end up with an dpkg interactive conflict resolution dialog, which would for example look the following.

Configuration file `/etc/whonix_firewall.d/30_default.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** interfaces (Y/I/N/O/D/Z) [default=N] ? N

Modifications coming with Whonix will always fall back to reasonable defaults, if you were still using an old version. However, to prevent such conflicts in the first place, you're better off reading /etc/whonix_firewall.d/30_default.conf, leaving /etc/whonix_firewall.d/30_default.conf untouched, copying settings you wish to overrule from /etc/whonix_firewall.d/30_default.conf and pasting them into /etc/whonix_firewall.d/50_user.conf.

Ordinary Configuration Files[edit]

There is something you should be aware of when editing ordinary, non-.d style configuration files. This applies to Whonix as well as most, if not all, other Debian based Linux distributions.

We'll explain it using an example. Let's take for example /etc/hdparm.conf.

There is no /etc/hdparm.d folder. Therefore, if you want to make changes, your only option is to edit /etc/hdparm.conf. But this comes with a disadvantage. Next time this file gets changed by the hdparm maintainer and you upgrade your system, you would end up with an dpkg interactive conflict resolution dialog, which would for example look the following.

Configuration file `/etc/hdparm.conf'
 ==> Modified (by you or by a script) since installation.
 ==> Package distributor has shipped an updated version.
   What would you like to do about it ?  Your options are:
    Y or I  : install the package maintainer's version
    N or O  : keep your currently-installed version
      D     : show the differences between the versions
      Z     : background this process to examine the situation
 The default action is to keep your current version.
*** interfaces (Y/I/N/O/D/Z) [default=N] ? N

Check the differences (D), then make a decision. If you know you made changes to that file, you most likely want to keep them, i.e. select N. If you are unsure, after the upgrade finished, check again that config file and re-apply your settings if necessary.

Footnotes[edit]


No user support in comments. See Support.

Comments will be deleted after some time. Specifically after comments have been addressed in form of wiki enhancements. See Wiki Comments Policy.


Add your comment
Whonix welcomes all comments. If you do not want to be anonymous, register or log in. It is free.


Random News:

We are looking for video production specialists to help create demonstration, promotional and conceptual videos or tutorials.


https | (forcing) onion

Share: Twitter | Facebook

This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix, then Edit! Edits are held for moderation.

Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP. Whonix is a trademark. Whonix is a licensee of the Open Invention Network. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix itself. (Why?)

By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent. Whonix is provided by ENCRYPTED SUPPORT LP. See Imprint.