[tor-talk] AORTA - others tried it?
alen.alen at powdermail.com
Wed Feb 7 12:13:26 UTC 2018
>> **Did anyone else check out AORTA or review its code?
>
> One way for non-coders to review it is to observe whether the rulesets
> it creates meet comprehensive expectations and make sense.
I think these are its rules, copied from aorta.c. Any opinions from experts?
const char *aorta_rules[] =
{
    // create an aorta chain inside the nat table
    "-t nat -N aorta",
    // DNS queries for onion addresses are resolved to an address in the
    // TOR_ONION_NETWORK range. traffic in this network must always be
    // processed by the local Tor daemon
    "-t nat -A aorta -p tcp -m tcp -d " TOR_ONION_NETWORK " -j REDIRECT --to-ports " TOR_TCP_PORT,
    // do not touch non-routable addresses, except for DNS traffic
    "-t nat -A aorta -d 127.0.0.0/8 -p udp -m udp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 127.0.0.0/8 -p tcp -m tcp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 10.0.0.0/8 -p udp -m udp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 10.0.0.0/8 -p tcp -m tcp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 192.168.0.0/16 -p udp -m udp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 192.168.0.0/16 -p tcp -m tcp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 172.16.0.0/12 -p udp -m udp ! --dport 53 -j RETURN",
    "-t nat -A aorta -d 172.16.0.0/12 -p tcp -m tcp ! --dport 53 -j RETURN",
    // redirect to local Tor daemon
    "-t nat -A aorta -p tcp -m tcp -j REDIRECT --to-ports " TOR_TCP_PORT,
    "-t nat -A aorta -p udp -m udp --dport 53 -j REDIRECT --to-ports " TOR_DNS_PORT,
    // output traffic from processes inside our cgroup is processed
    // by aorta chain
    "-t nat -A OUTPUT -m cgroup --cgroup " AORTA_CGROUP_CLASSID " -j aorta",
    0
};
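To check a ruleset the way the quoted reply suggests, here is a small simulator of the aorta chain (added for illustration; it is not AORTA's code nor anything from this thread). The port numbers and onion range are assumed placeholders, since the values of the TOR_* macros are not shown in the post; it walks the rules in the order they are appended and reports the first verdict for a few constructed packets.

```python
import ipaddress

# Placeholder values for the macros in aorta.c (assumed; their real values
# are not shown in the post). 127.192.0.0/10 is Tor's default
# VirtualAddrNetworkIPv4 and is used here only as an illustrative onion range.
TOR_ONION_NETWORK = "127.192.0.0/10"
TOR_TCP_PORT = 9040
TOR_DNS_PORT = 5353
# The aorta chain as (dst_net, proto, dport_match, verdict), in the order the
# rules are appended. dport_match: None = any port, ("eq", 53) = --dport 53,
# ("ne", 53) = ! --dport 53. Only the first packet of a flow from a process
# in the cgroup reaches the nat OUTPUT hook, which is all that is modelled.
AORTA_CHAIN = [(TOR_ONION_NETWORK, "tcp", None, ("REDIRECT", TOR_TCP_PORT))]
for net in ("127.0.0.0/8", "10.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12"):
    for proto in ("udp", "tcp"):
        AORTA_CHAIN.append((net, proto, ("ne", 53), ("RETURN", None)))
AORTA_CHAIN += [
    (None, "tcp", None, ("REDIRECT", TOR_TCP_PORT)),
    (None, "udp", ("eq", 53), ("REDIRECT", TOR_DNS_PORT)),
]

def verdict(dst, proto, dport=None):
    """First matching rule's verdict, or ("FALLTHROUGH", None) when no rule
    matches and the packet leaves the chain without being sent to Tor."""
    ip = ipaddress.ip_address(dst)
    for net, p, port_match, result in AORTA_CHAIN:
        if net is not None and ip not in ipaddress.ip_network(net):
            continue
        if p != proto:
            continue
        if port_match is not None:
            op, val = port_match
            if (op == "eq" and dport != val) or (op == "ne" and dport == val):
                continue
        return result
    return ("FALLTHROUGH", None)

# Constructed probe packets a reviewer would want the ruleset to answer.
PROBES = {
    "onion-mapped tcp": ("127.192.1.2", "tcp", 80),    # onion rule beats 127/8 RETURN
    "loopback ssh":     ("127.0.0.1", "tcp", 22),      # left alone
    "lan dns":          ("192.168.1.1", "udp", 53),    # DNS still goes to Tor's DNSPort
    "public https":     ("203.0.113.5", "tcp", 443),   # redirected to TransPort
    "public ntp":       ("203.0.113.5", "udp", 123),   # no rule matches: not redirected
    "public ping":      ("203.0.113.5", "icmp", None), # no rule matches: not redirected
}
def review():
    """Map each probe name to the chain's verdict for it."""
    return {name: verdict(*pkt) for name, pkt in PROBES.items()}
```

Because the onion rule comes before the RETURN rules, an onion range that lies inside a private or loopback block (as the placeholder here does) is still redirected; the probes that fall through show which traffic the chain does not hand to Tor at all.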