Last active
January 16, 2026 18:14
-
-
Save nukhes/2070194987a4d71c5a2bad7574e79630 to your computer and use it in GitHub Desktop.
Automates the hardening and optimization of Firefox on any Linux distribution, using Firefox's Enterprise Policy Engine to inject system-wide configurations. (This script deletes cookies; use at your own risk)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Ensure the script is run as root | |
| if [ "$EUID" -ne 0 ]; then | |
| echo "Please run as root (sudo)" | |
| exit 1 | |
| fi | |
| # Define the target directory for Firefox system-wide policies | |
| POLICY_DIR="/etc/firefox/policies" | |
| POLICY_FILE="$POLICY_DIR/policies.json" | |
| # Create the directory if it doesn't exist | |
| if [ ! -d "$POLICY_DIR" ]; then | |
| echo "Creating policy directory..." | |
| mkdir -p "$POLICY_DIR" | |
| fi | |
| echo "Applying uBlock, Telemetry blocking, and Fastfox optimizations..." | |
| # Python script to safely parse and merge JSON | |
| python3 - <<EOF | |
| import json | |
| import os | |
| import sys | |
| policy_file = '$POLICY_FILE' | |
| # --- 1. EXTENSIONS (uBlock Origin) --- | |
| ublock_id = "uBlock0@raymondhill.net" | |
| ublock_settings = { | |
| "install_url": "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi", | |
| "installation_mode": "force_installed" | |
| } | |
| # --- 2. BASE PRIVACY & TELEMETRY --- | |
| base_policies = { | |
| "DisableTelemetry": True, | |
| "DisableFirefoxStudies": True, | |
| "DisablePocket": True, | |
| "DisableFeedbackCommands": True, | |
| "SanitizeOnShutdown": { | |
| "Cache": False, | |
| "Cookies": False, | |
| "History": False, | |
| "Sessions": False, | |
| "Downloads": True, | |
| "FormData": True, | |
| "OfflineApps": True | |
| } | |
| } | |
| # --- 3. FASTFOX & PERFORMANCE PREFERENCES --- | |
| # Mapped directly from your Fastfox.js file | |
| fastfox_prefs = { | |
| # General Rendering | |
| "gfx.content.skia-font-cache-size": 32, | |
| "gfx.webrender.all": True, | |
| "gfx.webrender.layer-compositor": True, | |
| "gfx.canvas.accelerated.cache-items": 32768, | |
| "gfx.canvas.accelerated.cache-size": 4096, | |
| "webgl.max-size": 16384, | |
| # Disk Cache (Disabled in favor of RAM) | |
| "browser.cache.disk.enable": False, | |
| # Memory Cache (Optimized for 8GB+ RAM systems per Fastfox) | |
| "browser.cache.memory.capacity": 131072, # 128MB fixed RAM cache | |
| "browser.cache.memory.max_entry_size": 20480, | |
| "browser.sessionhistory.max_total_viewers": 4, | |
| "browser.sessionstore.max_tabs_undo": 10, | |
| # Media Cache | |
| "media.memory_cache_max_size": 262144, | |
| "media.memory_caches_combined_limit_kb": 1048576, | |
| "media.cache_readahead_limit": 600, | |
| "media.cache_resume_threshold": 300, | |
| # Image Cache | |
| "image.cache.size": 10485760, | |
| "image.mem.decode_bytes_at_a_time": 65536, | |
| # Network / Connection Tuning | |
| "network.http.max-connections": 1800, | |
| "network.http.max-persistent-connections-per-server": 10, | |
| "network.http.max-urgent-start-excessive-connections-per-host": 5, | |
| "network.http.request.max-start-delay": 5, | |
| "network.http.pacing.requests.enabled": False, | |
| "network.dnsCacheEntries": 10000, | |
| "network.dnsCacheExpiration": 3600, | |
| "network.ssl_tokens_cache_capacity": 10240, | |
| # Speculative Loading (Privacy/Bandwidth Hardening) | |
| "network.http.speculative-parallel-limit": 0, | |
| "network.dns.disablePrefetch": True, | |
| "network.dns.disablePrefetchFromHTTPS": True, | |
| "browser.urlbar.speculativeConnect.enabled": False, | |
| "browser.places.speculativeConnect.enabled": False, | |
| "network.prefetch-next": False, | |
| # QoL | |
| "sidebar.revamp": False | |
| } | |
| # --- LOGIC: MERGE INTO JSON --- | |
| data = {} | |
| # Load existing | |
| if os.path.exists(policy_file): | |
| try: | |
| with open(policy_file, 'r') as f: | |
| content = f.read().strip() | |
| if content: | |
| data = json.loads(content) | |
| except Exception: | |
| data = {} | |
| # Ensure structure | |
| if 'policies' not in data: | |
| data['policies'] = {} | |
| if 'ExtensionSettings' not in data['policies']: | |
| data['policies']['ExtensionSettings'] = {} | |
| if 'Preferences' not in data['policies']: | |
| data['policies']['Preferences'] = {} | |
| # Apply Base Policies | |
| for key, value in base_policies.items(): | |
| data['policies'][key] = value | |
| # Apply uBlock | |
| data['policies']['ExtensionSettings'][ublock_id] = ublock_settings | |
| # Apply Fastfox Preferences | |
| # We merge these into the 'Preferences' policy object | |
| for key, value in fastfox_prefs.items(): | |
| data['policies']['Preferences'][key] = value | |
| # Write to file | |
| try: | |
| with open(policy_file, 'w') as f: | |
| json.dump(data, f, indent=2) | |
| print("Success: Fastfox configuration applied to system-wide policies.") | |
| except OSError as e: | |
| print("Error writing file: " + str(e)) | |
| sys.exit(1) | |
| EOF | |
| if [ $? -eq 0 ]; then | |
| echo "Done. Restart Firefox to see changes." | |
| else | |
| echo "Failed." | |
| exit 1 | |
| fi |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Run with one command.
curl -fsSL https://gist.githubusercontent.com/nukhes/2070194987a4d71c5a2bad7574e79630/raw | sudo bash