[tor-talk] How tor skip firewall ?

Justin Aplin japlin at gmail.com
Fri Mar 2 15:16:55 UTC 2012

On Mar 2, 2012, at 4:26 AM, J. Bakshi wrote:

> Dear list,
> I have implemented some iptables rules to block some sites based on time module.
> The settings are working perfectly fine. But when tested through tor browser,
> none are working. The iptables rules are applied on the lan card explicitly
> to be sure that the rules are applied on ethernet. Still through tor none is working.
> Are not the packages generated by tor passing through the ethernet device?
> Then why the rules are not honored? Are those packets encrypted?
> Please give some clue. Thanks

It's less to do with encryption and more to do with how Tor routes traffic. The iptables rules you've implemented prevent connections from your machine to the particular sites you've blocked; however, all Tor connections are between your machine and entry nodes, which are allowed connections in your iptables. The connection to the site itself occurs at the exit node.
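The routing point above, as an added example that is not part of the original message: a simplified Python model of first-match packet filtering (not iptables itself) showing that a destination-based, time-windowed DROP rule never sees the blocked site's address once traffic goes to a Tor entry node, while a default-deny egress policy does not depend on knowing the destination. All addresses are constructed from documentation ranges, and the approved proxy is a hypothetical assumption.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    dst: str      # destination CIDR the rule matches (like iptables -d)
    start: time   # start of the time window (like the time module)
    stop: time    # end of the time window
    target: str   # "DROP" or "ACCEPT"


def verdict(rules, policy, dst_ip, now):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        if ip_address(dst_ip) in ip_network(r.dst) and r.start <= now <= r.stop:
            return r.target
    return policy


# Constructed sample addresses (documentation ranges, not real hosts).
BLOCKED_SITE = "203.0.113.10"   # site the admin wants unreachable 09:00-18:00
TOR_ENTRY = "198.51.100.7"      # entry node the Tor client connects to
APPROVED_PROXY = "192.0.2.1"    # hypothetical proxy, the only permitted egress

# Blocklist style, as in the question: drop one destination, accept the rest.
BLOCKLIST = [Rule(BLOCKED_SITE + "/32", time(9), time(18), "DROP")]
# Default-deny style: accept only the approved proxy, drop everything else.
ALLOWLIST = [Rule(APPROVED_PROXY + "/32", time(0), time(23, 59, 59), "ACCEPT")]


def wire_destination(site_ip, via_tor):
    """Destination address the firewall sees on the LAN interface.
    With Tor, the site is contacted by the exit node, so the local
    packet is addressed to the entry node instead of the site."""
    return TOR_ENTRY if via_tor else site_ip


def blocklist_verdict(via_tor, now=time(10, 30)):
    dst = wire_destination(BLOCKED_SITE, via_tor)
    return verdict(BLOCKLIST, "ACCEPT", dst, now)


def allowlist_verdict(via_tor, now=time(10, 30)):
    dst = wire_destination(BLOCKED_SITE, via_tor)
    return verdict(ALLOWLIST, "DROP", dst, now)
```
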

