Tor/Iptables Question

Erilenz erilenz at gmail.com
Wed Aug 19 12:12:52 UTC 2009


* on the Wed, Aug 19, 2009 at 02:00:01AM -0400, Ringo wrote:

> One problem I've continually run into while trying to setup a secure tor
> virtual machine for browsing is that I have to allow it access to
> localhost (to connect to Tor). Is there a way in iptables to say "deny
> localhost access to all local ports except xyz" or even better say "deny
> user access to all local ports except xyz"
> 
> Thanks for any help people can offer,

I prevent all users other than root from connecting to the Tor Control port with an
iptables rule which looks like this:

iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT

You should be able to modify that for your own purposes.

-- 
Erilenz



More information about the tor-talk mailing list