[tor-dev] Help with pf and iOS

sid77 at slackware.it sid77 at slackware.it
Thu May 31 16:29:56 UTC 2012

----- Original Message -----
From: "Ralf-Philipp Weinmann" <ralf at coderpunks.org>
To: tor-dev at lists.torproject.org
Sent: Thursday, 31 May, 2012 5:46:49 PM
Subject: Re: [tor-dev] Help with pf and iOS

> Whoohoo!
LOL, thanks!

> I expect that you really _DO NEED_ that second loopback interface for
> the above config, otherwise your packets will just end up in one big
> loop. A workaround might be to tag the packets when they are rdr'ed and
> make sure that you only rdr packets that are non-tagged. I have to look
> up the exact syntax on how to do that. I strongly suggest testing your
> pf rules on another machine first (OpenBSD or FreeBSD VM) and then
> deploying in iOS.
Yeah, I sense the loop there. I thought that

pass quick on lo0 keep state
pass out quick inet proto tcp user nobody flags S/SA modulate state

was my "exit strategy", anyway. Looks like they never really work ;-)
Tagging packets is a good idea! It's something I didn't think to try in first place as, usually, it's useless when it comes to iptables but it's pf here, so I should definitively try it.

> Do you have the kernel crash log handy by any chance? It should be in
> /Library/Logs/CrashReporter/Panics
Gone, but I will try to replicate it. Looking for some 0days, are you? :-P

More information about the tor-dev mailing list