[tor-dev] Help with pf and iOS

Ralf-Philipp Weinmann ralf at coderpunks.org
Thu May 31 15:46:49 UTC 2012

On 5/31/12 5:19 PM, sid77 at slackware.it wrote:
> Hi all,

Hi Sid.

> it took me a year or so but I've finally managed to build Tor for iOS with a working support for TransPort, as you can see on: https://github.com/sid77/evelyn/blob/master/tor/make.sh


> The next natural step is to hack together full device torification as iOS jailbroken devices can run pf (without ALTQ support).
> I'm not very comfortable with pf and pfctl so my first step was to head out to https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy#BSDPF looking for some clue. 

It's been a while since I've used pf for serious things, but I think I
can still manage.

> However, jailbroken iOS' ifconfig can not bring up a second loopback interface (I think the kernel is not allowing it) so I had to test out some custom rules, my current pf.conf is as follow:

That's weird. I can look into that over the weekend.

> -8<-
> scrub in
> rdr pass on lo0 inet proto tcp all -> port 9040
> rdr pass on lo0 inet proto udp to port domain -> port domain
> block return out
> pass quick on lo0 keep state
> pass out quick inet proto tcp user nobody flags S/SA modulate state
> pass out quick route-to lo0 inet proto udp to port domain keep state
> pass out quick route-to lo0 inet proto tcp all flags S/SA modulate state
> -8<-
> taken from: https://github.com/sid77/mobiletor/blob/master/pf.conf
> I apply it running this script: https://github.com/sid77/sbsettingstor/blob/master/com.sbsettingstor.enable
> Tor is running as user nobody (not really secure but I still have to figure out system user management on the platform) and answering DNS queries on
> This solution is failing *REALLY* hard as I managed to run into a kernel panic as soon as I tried to generate some traffic with Mobile Safari or Cydia.
> Is there any pf guru out there which can give me some insights?

I expect that you really _DO NEED_ that second loopback interface for
the above config, otherwise your packets will just end up in one big
loop. A workaround might be to tag the packets when they are rdr'ed and
make sure that you only rdr packets that are non-tagged. I have to look
up the exact syntax on how to do that. I strongly suggest testing your
pf rules on another machine first (OpenBSD or FreeBSD VM) and then
deploying in iOS.

Do you have the kernel crash log handy by any chance? It should be in


More information about the tor-dev mailing list