On Tue, Jul 05, 2011 at 12:57:55AM -0300, Tomas Sironi wrote:
> No, my home router is only accessible from the LAN. So, if you are sure Tor really blocks the local address space, then I shouldn't need to use iptables. But I want to be sure first. I couldn't find anything about this in the online manual.
Tor's default exit policy not only blocks "internal" address blocks (like 192.168.0.0/16), but it also blocks your public IP address by default too. See the ExitPolicyRejectPrivate line in your man page.
(You want to block the public IP address too, because when your relay tries to send traffic to the public IP address, your computer will actually route that traffic to the private version of the address.)
So the summary is that Tor has thought about exactly this issue and takes care of it for you automatically unless you disable the ExitPolicyRejectPrivate config option.
--Roger
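
A small model of the check described in the message above, added here as an illustration; it is not part of the original message and is not Tor's own code. The address list, the sample relay address 203.0.113.7, the accept-all operator policy and the function names are assumptions, and ports are left out to keep the model short.

```python
import ipaddress

# Internal IPv4 blocks used by this model (assumed for illustration; the
# authoritative list is in the tor man page under ExitPolicyRejectPrivate).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
)]

def effective_policy(user_policy, relay_public_ip, reject_private=True):
    """Build the ordered rule list: implicit rejects first, then user rules."""
    rules = []
    if reject_private:
        rules += [("reject", net) for net in PRIVATE_NETS]
        # The relay's own public address is rejected as well: the host would
        # deliver such traffic to itself or its LAN-facing side.
        rules.append(("reject", ipaddress.ip_network(relay_public_ip)))
    rules += [(action, ipaddress.ip_network(net)) for action, net in user_policy]
    return rules

def exit_allowed(dest, rules):
    """First matching rule wins; no match means refuse (modelling choice)."""
    addr = ipaddress.ip_address(dest)
    for action, net in rules:
        if addr in net:
            return action == "accept"
    return False

# Constructed sample data: documentation-range addresses, accept-all policy.
RELAY_PUBLIC_IP = "203.0.113.7"
USER_POLICY = [("accept", "0.0.0.0/0")]

if __name__ == "__main__":
    for flag in (True, False):
        rules = effective_policy(USER_POLICY, RELAY_PUBLIC_IP, reject_private=flag)
        for dest in ("192.168.1.1", RELAY_PUBLIC_IP, "198.51.100.20"):
            verdict = "allowed" if exit_allowed(dest, rules) else "rejected"
            print(f"reject_private={flag} {dest}: {verdict}")
```

With the option modelled as disabled, the same accept-all policy lets both the router address and the relay's own public address through, which is the case where a separate iptables rule would matter.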