[or-cvs] r13144: Cleaned up iptables, corrected some minor errors (netmasks f (in incognito/trunk/root_overlay/var/lib: iptables kdesession)

anonym at seul.org anonym at seul.org
Wed Jan 16 02:35:14 UTC 2008


Author: anonym
Date: 2008-01-15 21:35:14 -0500 (Tue, 15 Jan 2008)
New Revision: 13144

Modified:
   incognito/trunk/root_overlay/var/lib/iptables/rules-save
   incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc
   incognito/trunk/root_overlay/var/lib/kdesession/torkrc
Log:
Cleaned up iptables, corrected some minor errors (netmasks for private networks).
Turned off TorK OSD connection listing.
KDE's ksmserver now ignores vidalia, TorK and knetworkmanager (they are started through .kde/Autostart instead).


Modified: incognito/trunk/root_overlay/var/lib/iptables/rules-save
===================================================================
--- incognito/trunk/root_overlay/var/lib/iptables/rules-save	2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/iptables/rules-save	2008-01-16 02:35:14 UTC (rev 13144)
@@ -1,52 +1,42 @@
-# Generated by iptables-save v1.3.6 on Thu Dec 21 14:32:27 2006
+# Generated by iptables-save v1.3.8 on Wed Jan 16 02:17:09 2008
 *filter
-:INPUT ACCEPT [333351:305303232]
+:INPUT ACCEPT [0:0]
 :FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [829:62910]
+:OUTPUT ACCEPT [0:0]
 
 # Established connections are accepted
-[333804:328742263] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
 
 # Local networks should not go through Tor
 [0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT 
-[4309:147963] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT 
-[3185:212487] -A OUTPUT -d 172.16.0.0/255.255.0.0 -j ACCEPT 
-[7680:500308] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT 
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT 
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT 
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT 
 
-# Tor is allowed to do anything it wants to
-[587:35220] -A OUTPUT -m owner --uid-owner tor -j ACCEPT 
-
-# Reject remaining TCP traffic, which should have been redirected to Tor (see below)
-[0:0] -A OUTPUT -p tcp -j REJECT --reject-with icmp-port-unreachable 
-
-# Reject all UDP since we cannot anonymize it
-[0:0] -A OUTPUT -p udp -j REJECT --reject-with icmp-port-unreachable 
-
+# Tor is allowed to do anything it wants to, everything else is dropped
+[0:0] -A OUTPUT -m owner --uid-owner tor -j ACCEPT 
+[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+ 
 COMMIT
-
-# Completed on Thu Dec 21 14:32:27 2006
-# Generated by iptables-save v1.3.6 on Thu Dec 21 14:32:27 2006
+# Completed on Wed Jan 16 02:17:09 2008
+# Generated by iptables-save v1.3.8 on Wed Jan 16 02:17:09 2008
 *nat
-:PREROUTING ACCEPT [4337577:1351180165]
-:POSTROUTING ACCEPT [13134711:761547407]
-:OUTPUT ACCEPT [13096834:759280116]
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
 
-# Tor and polipo are allowed to do anything they want to
-[787:47220] -A OUTPUT -m owner --uid-owner tor -j RETURN 
-[787:47220] -A OUTPUT -m owner --uid-owner polipo -j RETURN 
-
 # Local networks should not go through Tor
 [0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN 
-[4216:131407] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN 
-[3168:211467] -A OUTPUT -d 172.16.0.0/255.255.0.0 -j RETURN 
-[6710:440633] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN 
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN 
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN 
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN 
 [0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN 
 
-# .onion mapped addresses
-[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+# .onion mapped addresses redirection to Tor
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040 
 
-# Redirect all remaining TCP to Tor
-[547:32820] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040 
+# Redirect all remaining TCP traffic to Tor
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040 
 
 COMMIT
-# Completed on Thu Dec 21 14:32:27 2006
+# Completed on Wed Jan 16 02:17:09 2008
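Review bot: Removing the `--uid-owner tor -j RETURN` exemption from the `*nat` OUTPUT chain appears to leave Tor's own outbound connections subject to the final `-o ! lo -p tcp ... -j DNAT --to-destination 127.0.0.1:9040` rule, so its SYNs to anything outside the listed local ranges would be redirected back into its own TransPort. The `-m owner --uid-owner tor -j ACCEPT` rule in `*filter` does not prevent this, because locally generated packets traverse nat OUTPUT before filter OUTPUT. Unless something outside this file exempts the tor user, I would keep `[0:0] -A OUTPUT -m owner --uid-owner tor -j RETURN` as the first rule of the nat OUTPUT chain. Separately, the new filter comment says "dropped" while the rule is `REJECT --reject-with icmp-port-unreachable`; suggest `# Tor is allowed to do anything it wants to, everything else is rejected`.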

Modified: incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc	2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc	2008-01-16 02:35:14 UTC (rev 13144)
@@ -3,7 +3,7 @@
 
 [General]
 screenCount=1
-excludeApps=vidalia,tork,knetworkmanager
+excludeApps=/home/gentoo/.kde/Autostart/vidalia,/home/gentoo/.kde3.5/Autostart/vidalia,vidalia,/home/gentoo/.kde/Autostart/tork,/home/gentoo/.kde3.5/Autostart/tork,tork,knetworkmanager
 
 [LegacySession: saved at previous logout]
 count=0

Modified: incognito/trunk/root_overlay/var/lib/kdesession/torkrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/torkrc	2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/kdesession/torkrc	2008-01-16 02:35:14 UTC (rev 13144)
@@ -70,7 +70,7 @@
 QuickConfigure=6
 ShowApplySettingsQuestions=false
 ShowDNSLeaks=false
-ShowTorMon=true
+ShowTorMon=false
 ShowUsageWarnings=false
 SystemProxy=true
 TorLocation=/usr/bin/tor


