[or-cvs] r13144: Cleaned up iptables, corrected some minor errors (netmasks f (in incognito/trunk/root_overlay/var/lib: iptables kdesession)
Author: anonym
Date: 2008-01-15 21:35:14 -0500 (Tue, 15 Jan 2008)
New Revision: 13144
Modified:
incognito/trunk/root_overlay/var/lib/iptables/rules-save
incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc
incognito/trunk/root_overlay/var/lib/kdesession/torkrc
Log:
Cleaned up iptables, corrected some minor errors (netmasks for private networks).
Turned off TorK OSD connection listing.
KDE's ksmserver now ignores vidalia, TorK and knetworkmanager (started through .kde/Autostart instead)
Modified: incognito/trunk/root_overlay/var/lib/iptables/rules-save
===================================================================
--- incognito/trunk/root_overlay/var/lib/iptables/rules-save 2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/iptables/rules-save 2008-01-16 02:35:14 UTC (rev 13144)
@@ -1,52 +1,42 @@
-# Generated by iptables-save v1.3.6 on Thu Dec 21 14:32:27 2006
+# Generated by iptables-save v1.3.8 on Wed Jan 16 02:17:09 2008
*filter
-:INPUT ACCEPT [333351:305303232]
+:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [829:62910]
+:OUTPUT ACCEPT [0:0]
# Established connections are accepted
-[333804:328742263] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Local networks should not go through Tor
[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
-[4309:147963] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
-[3185:212487] -A OUTPUT -d 172.16.0.0/255.255.0.0 -j ACCEPT
-[7680:500308] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
-# Tor is allowed to do anything it wants to
-[587:35220] -A OUTPUT -m owner --uid-owner tor -j ACCEPT
-
-# Reject remaining TCP traffic, which should have been redirected to Tor (see below)
-[0:0] -A OUTPUT -p tcp -j REJECT --reject-with icmp-port-unreachable
-
-# Reject all UDP since we cannot anonymize it
-[0:0] -A OUTPUT -p udp -j REJECT --reject-with icmp-port-unreachable
-
+# Tor is allowed to do anything it wants to, everything else is dropped
+[0:0] -A OUTPUT -m owner --uid-owner tor -j ACCEPT
+[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
COMMIT
-
-# Completed on Thu Dec 21 14:32:27 2006
-# Generated by iptables-save v1.3.6 on Thu Dec 21 14:32:27 2006
+# Completed on Wed Jan 16 02:17:09 2008
+# Generated by iptables-save v1.3.8 on Wed Jan 16 02:17:09 2008
*nat
-:PREROUTING ACCEPT [4337577:1351180165]
-:POSTROUTING ACCEPT [13134711:761547407]
-:OUTPUT ACCEPT [13096834:759280116]
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
-# Tor and polipo are allowed to do anything they want to
-[787:47220] -A OUTPUT -m owner --uid-owner tor -j RETURN
-[787:47220] -A OUTPUT -m owner --uid-owner polipo -j RETURN
-
# Local networks should not go through Tor
[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
-[4216:131407] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
-[3168:211467] -A OUTPUT -d 172.16.0.0/255.255.0.0 -j RETURN
-[6710:440633] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
-# .onion mapped addresses
-[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+# .onion mapped addresses redirection to Tor
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
-# Redirect all remaining TCP to Tor
-[547:32820] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
+# Redirect all remaining TCP traffic to Tor
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
COMMIT
-# Completed on Thu Dec 21 14:32:27 2006
+# Completed on Wed Jan 16 02:17:09 2008
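Review bot: In the *nat section the two owner-match RETURN rules for tor and polipo are removed and nothing replaces them ahead of the final `-A OUTPUT -o ! lo -p tcp ... -j DNAT --to-destination 127.0.0.1:9040` rule. Locally generated packets traverse nat OUTPUT before filter OUTPUT, so the `--uid-owner tor -j ACCEPT` kept in *filter does not exempt Tor from that redirect: as the rules stand, Tor's own outbound SYNs to non-private addresses would be DNATed back to 127.0.0.1:9040. Suggest keeping `-A OUTPUT -m owner --uid-owner tor -j RETURN` at the top of nat OUTPUT, or stating in the log why it is no longer needed. Minor: the new filter comment says everything else is "dropped", but the rule is a REJECT with icmp-port-unreachable and it now also covers protocols other than TCP and UDP, which the old pair of rules did not; the comment should say so.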
Modified: incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc 2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/kdesession/ksmserverrc 2008-01-16 02:35:14 UTC (rev 13144)
@@ -3,7 +3,7 @@
[General]
screenCount=1
-excludeApps=vidalia,tork,knetworkmanager
+excludeApps=/home/gentoo/.kde/Autostart/vidalia,/home/gentoo/.kde3.5/Autostart/vidalia,vidalia,/home/gentoo/.kde/Autostart/tork,/home/gentoo/.kde3.5/Autostart/tork,tork,knetworkmanager
[LegacySession: saved at previous logout]
count=0
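Review bot: The new excludeApps value hard-codes /home/gentoo and two KDE directory names (.kde and .kde3.5) for vidalia and tork, while knetworkmanager is still listed by bare name only, although the log says all three are started through Autostart. If ksmserver matches on the full launch path, knetworkmanager probably needs the same path entries; if the bare name is enough, the path entries are redundant. A comment in the file saying which form ksmserver actually matches, and a note that the paths must follow any change of user name or home directory, would make this line maintainable.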
Modified: incognito/trunk/root_overlay/var/lib/kdesession/torkrc
===================================================================
--- incognito/trunk/root_overlay/var/lib/kdesession/torkrc 2008-01-16 02:34:57 UTC (rev 13143)
+++ incognito/trunk/root_overlay/var/lib/kdesession/torkrc 2008-01-16 02:35:14 UTC (rev 13144)
@@ -70,7 +70,7 @@
QuickConfigure=6
ShowApplySettingsQuestions=false
ShowDNSLeaks=false
-ShowTorMon=true
+ShowTorMon=false
ShowUsageWarnings=false
SystemProxy=true
TorLocation=/usr/bin/tor
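Review bot: The key name ShowTorMon does not obviously correspond to the "OSD connection listing" named in the log, and the file carries no comment tying the two together. With ShowDNSLeaks and ShowUsageWarnings already false in the surrounding context, this turns off one more user-visible indicator in TorK, so it is worth recording in the log or a comment where users are expected to see connection activity instead.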