[tor-talk] corridor, a Tor traffic whitelisting gateway

Sebastian G. <bastik.tor> bastik.tor at googlemail.com
Fri Feb 14 16:40:01 UTC 2014

14.02.2014 15:12, Rusty Bird:
> ## Principle of operation
> 1. Either run the corridor-data-consensus daemon script, which opens a
> Tor control connection and subscribes to NEWCONSENSUS events
> (announcements listing all public relays), or pipe any number of
> "Bridge" lines into corridor-data-bridges.
> 2. That data gets sent to corridor-helper-update, which atomically
> updates a Linux ipset (a list of IP-address:TCP-port entries accessible
> in constant time) named tor_relays.

Atomically is anatomically acceptable, but automatically appear to be

(There's a spelling mistake and playing with words is fun. The sentences
is full of a's for that purpose.)

> ## Pitfalls
> **To be secure, your new gateway needs two separate network
> interfaces**, like two Ethernet NICs, or one WiFi radio and one DSL
> modem. One is to receive incoming traffic from client computers, the
> other one is to pass the filtered traffic towards the global internet,
> **and they need to be on different networks**: Clients must not be able
> to take a shortcut via DHCP, DNS, ICMP Redirect requests, and who knows
> what else.

Isn't this the most limiting factor?

How many systems have two separate networks? (Network interfaces might
be achievable easier)

Sebastian G. (bastik)

More information about the tor-talk mailing list