[tor-talk] tor/netfilter: packets without uid

coderman coderman at gmail.com
Sat May 12 05:14:45 UTC 2012


>  echo 1 > /proc/sys/net/ipv4/tcp_rfc1337

not the right option; this is different, and to avoid an issue with time wait.

the feature i'm thinking of is time-wait negotiation, which can be
tweaked to always put this state on the peer (or fail if not
available).

last time i messed with this it was kernel build tweaks; probably too
much for most tastes ;)


regarding the match rules, why are you whitelisting firefox
instances? a robust setup is everything transparently routed, except
for Tor PID, and only this PID. kernel originated traffic and all
other application originated traffic is thus routed properly without
bypass, assuming Tor itself is not vulnerable.
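As an added illustration of the "exempt only Tor, redirect everything else" setup described in the post (this is example code, not something from the thread or from the Tor project): a POSIX sh function that emits an iptables ruleset exempting the tor daemon's uid and transparently redirecting all other locally generated TCP and DNS to Tor's TransPort/DNSPort. The uid 109 and ports 9040/5353 are assumptions; substitute `id -u debian-tor` and the values from your torrc. Since iptables matches on uid rather than pid on current kernels, the exemption is keyed on Tor's uid; packets that carry no uid at all (kernel-originated RST/ICMP, the subject of this thread) match neither RETURN nor ACCEPT and so end at the final DROP rather than escaping around Tor.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) a transparent-proxy ruleset
# whose only exemption is the tor daemon's own uid.
#
# Assumptions (adjust to your system):
#   TOR_UID   - uid of the tor daemon (e.g. `id -u debian-tor`)
#   TRANS_PORT - TransPort from torrc
#   DNS_PORT   - DNSPort from torrc

# tor_rules TOR_UID TRANS_PORT DNS_PORT -> prints the iptables commands
tor_rules() {
    uid="$1"; trans="$2"; dns="$3"
    cat <<EOF
# nat/OUTPUT: rewrite destinations before routing
iptables -t nat -F OUTPUT
# Tor itself must reach the real network: exempt its uid, and nothing else.
iptables -t nat -A OUTPUT -m owner --uid-owner $uid -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
# Everyone else: DNS to Tor's DNSPort, new TCP connections to TransPort.
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans
# filter/OUTPUT: whatever was not redirected must not leave the host.
iptables -F OUTPUT
iptables -A OUTPUT -m owner --uid-owner $uid -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# Non-TCP, non-DNS traffic and uid-less kernel packets all end here.
iptables -A OUTPUT -j DROP
EOF
}

# Sanity check on the generated ruleset: the tor uid is exempted in both
# tables and the last rule is the catch-all DROP. Returns 0 on success.
check_rules() {
    rules="$(tor_rules "$1" "$2" "$3")"
    [ "$(printf '%s\n' "$rules" | grep -c -- "--uid-owner $1")" -eq 2 ] || return 1
    printf '%s\n' "$rules" | tail -n 1 | grep -q -- '-j DROP'
}

# Usage: sh tor-rules.sh           -> print the ruleset for review
#        sh tor-rules.sh --apply   -> pipe it into sh (needs root)
if [ "${1:-}" = "--apply" ]; then
    tor_rules 109 9040 5353 | sh
elif [ "${1:-}" = "" ]; then
    tor_rules 109 9040 5353
fi
```

Review the printed rules before applying them; once the final DROP is in place, any application that is not reachable via Tor's TransPort (UDP beyond DNS, ICMP) stops working by design, which is the "no bypass" property the post is after.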


More information about the tor-talk mailing list