iptables and tor

dante dante at virtualblueness.net
Sun Feb 10 19:48:47 UTC 2008


> The packets coming in on Tor TLS tunnels are destined for your node.
> They go up the stack through TCP and TLS to the Tor application
> itself. Tor does its AES CTR encryption on the cells coming out of
> these streams, and puts them in other streams based on the circuit
> labels. Here they get TLS'd, packed into TCP segments and go out.
> This means that packets going out after relaying have nothing to do
> with packets coming in, so I don't think marking makes any difference.
> This is clearly a positive point of Tor.
Thanks Csaba, that's exactly what I was worried about and your
information is reassuring. The usual allow/deny rules should be good
enough.

---

Anthony G. Basile, Ph.D.
Director of Information Technology,
D'Youville College,
320 Porter Ave.
Buffalo NY, 14201




More information about the tor-talk mailing list