IP-tables and TOR

Jason tor at lakedaemon.net
Tue Aug 24 18:12:14 UTC 2010


Michael Gomboc wrote:
> Hi!
> 
> Could some net filter expert give me some advice how to use iptables with TOR?
> 
> I'm trying the following to drop all non TOR connections:
> 
> iptables -F INPUT
> iptables -F OUTPUT
> 
> 
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> 
> iptables -A OUTPUT -o lo -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
> 
> 
> iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
> 
> 
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> 
> Is there more to think about?
> 

dhcp?  Unless you want to statically assign your address for _every_ network you connect to (I'm assuming a laptop/mobile device). 

ntp?  I've found TOR is much more reliable with an accurate clock.


hth,

Jason.
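
Added example, not part of the original thread: the quoted rule set with the DHCP and NTP exceptions suggested in the reply. The interface argument, the `NTP_USER` and `TOR_USER` variables and the `IPT` dry-run switch are assumptions made for this sketch.

```shell
#!/bin/sh
# Tor-only filter from the quoted message, plus DHCP and optional NTP exceptions.
# Assumptions: the interface name is passed as $1; NTP_USER is the account the
# local NTP daemon runs as (empty = no NTP rule); IPT=echo prints the rules
# instead of applying them.

tor_only_rules() {
    ipt="${IPT:-iptables}"
    wan_if="${1:-}"
    tor_user="${TOR_USER:-debian-tor}"   # uid used in the quoted rules
    ntp_user="${NTP_USER:-}"

    if [ -z "$wan_if" ]; then
        echo "usage: tor_only_rules <interface>" >&2
        return 2
    fi

    # Rules from the original message, unchanged.
    $ipt -F INPUT
    $ipt -F OUTPUT
    $ipt -P INPUT DROP
    $ipt -P OUTPUT DROP
    $ipt -A OUTPUT -o lo -j ACCEPT
    $ipt -A INPUT -i lo -j ACCEPT
    $ipt -A OUTPUT -m owner --uid-owner "$tor_user" -j ACCEPT
    $ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DHCP: client port 68 to server port 67. The answer to a broadcast
    # request may not match the ESTABLISHED rule, so it gets its own rule.
    $ipt -A OUTPUT -o "$wan_if" -p udp --sport 68 --dport 67 -j ACCEPT
    $ipt -A INPUT -i "$wan_if" -p udp --sport 67 --dport 68 -j ACCEPT

    # NTP: limited to the daemon's own uid. This traffic goes straight to the
    # network, not through Tor; replies come back via the ESTABLISHED rule.
    if [ -n "$ntp_user" ]; then
        $ipt -A OUTPUT -o "$wan_if" -p udp --dport 123 \
            -m owner --uid-owner "$ntp_user" -j ACCEPT
    fi
}
```

Review the dry run first with `IPT=echo tor_only_rules wlan0`, then run the function as root without `IPT` set to apply the rules.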