[tor-talk] Tor and iptables.
mirimir at riseup.net
Mon Dec 12 08:52:22 UTC 2016
On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
>
> Well, given the way OP phrased his question, I just assumed he wanted to
> prevent any unwanted input to his system, which is why I gave him a simple
> ruleset which allows any output.

Right. But I'm more paranoid about restricting output, given that
phone-home malware is now a routine risk.

> If you want to filter output as well but allow Tor Browser to work, I see two
> ways to accomplish that:
> - Go with the separate user method: Create a separate user just to run Tor
> Browser and allow output for just this user. You could launch Tor Browser as
> this user using gksudo or kdesudo.
> - Configure a bridge for Tor Browser to use and allow output to just this
> bridge filtering by IP address as well as port.

That seems more complicated.

Sorry about missing the typo in my initial reply. It _was_ an invalid
rule. But accepting lo is necessary with default deny, right?
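
The separate-user method from the quoted reply, together with the loopback accept asked about at the end of the message, written out as an added example that is not part of the original thread. The account name `torbrowser` and the log prefix are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: print an iptables-restore ruleset with
# default-deny INPUT and OUTPUT, loopback allowed, and outbound TCP permitted
# only for one dedicated account that runs Tor Browser.
# Assumption: the account is called "torbrowser" (hypothetical name).

tor_egress_rules() {
    user=$1
    # Reject names that could smuggle extra tokens into a rule line.
    case $user in
        ''|*[!a-z0-9_-]*) echo "invalid user name" >&2; return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Tor Browser reaches its own tor process over 127.0.0.1, so lo must pass
# in both directions once the default policy is DROP.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Replies to connections this host opened.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Late packets (FIN/RST) of allowed connections may no longer carry a socket owner.
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Tor speaks TCP only; nothing else from this account is let out.
-A OUTPUT -p tcp -m owner --uid-owner $user -j ACCEPT
# Everything else falls through to DROP; log it to spot phone-home attempts.
-A OUTPUT -j LOG --log-prefix "egress-denied: "
COMMIT
EOF
}

# Print the ruleset for the given account (default: the assumed name).
tor_egress_rules "${1:-torbrowser}"
```

Piping the output into `iptables-restore --test` as root checks that the rules parse without loading them. IPv6 traffic is filtered separately by ip6tables and needs its own ruleset.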