
Re: IP-tables and TOR



Michael Gomboc wrote:
> Hi!
>
> Could some net filter expert give me some advice how to use iptables with TOR?
>
> I'm trying the following to drop all non-TOR connections:
>
> iptables -F INPUT
> iptables -F OUTPUT
>
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
>
> iptables -A OUTPUT -o lo -j ACCEPT
> iptables -A INPUT -i lo -j ACCEPT
>
> iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
>
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> Is there more to think about?

dhcp? Unless you want to statically assign your address for _every_ network you connect to (I'm assuming a laptop/mobile device).
ntp?  I've found TOR is much more reliable with an accurate clock.


hth,

Jason.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
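
The two suggestions in the reply (DHCP and NTP) folded into the ruleset from the quoted post, as an added example that is not code from either poster. The function name `tor_only_ruleset`, its arguments, the interface name `wlan0` and the `FORWARD DROP` policy are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints an iptables-restore ruleset for
# the IPv4 filter table; nothing is applied unless you pipe the output yourself:
#   tor_only_ruleset debian-tor wlan0 yes | iptables-restore --test

tor_only_ruleset() {
    tor_user="${1:-debian-tor}"  # account Tor runs as (taken from the post)
    iface="${2:-wlan0}"          # uplink interface (assumed name)
    allow_ntp="${3:-no}"         # "yes" lets NTP out in the clear

    # Refuse values that could smuggle extra rule text into the output.
    case "$tor_user$iface" in
        *[!A-Za-z0-9_.-]*) echo "invalid user or interface" >&2; return 1 ;;
    esac

    printf '%s\n' \
        '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        "-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT" \
        "-A OUTPUT -o $iface -p udp --sport 68 --dport 67 -j ACCEPT" \
        "-A INPUT -i $iface -p udp --sport 67 --dport 68 -j ACCEPT"

    # NTP is optional: replies come back through the ESTABLISHED rule above.
    if [ "$allow_ntp" = yes ]; then
        printf '%s\n' "-A OUTPUT -o $iface -p udp --dport 123 -j ACCEPT"
    fi
    printf '%s\n' 'COMMIT'
}
```

The DHCP and NTP rules let those packets leave outside Tor, so anyone on the local network can see them. iptables filters IPv4 only; IPv6 traffic needs an equivalent ip6tables policy.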