[or-cvs] r13146: whoops! Seems I got a bit carried away cleaning up the iptab (incognito/trunk/root_overlay/var/lib/iptables)
Author: anonym
Date: 2008-01-15 23:15:41 -0500 (Tue, 15 Jan 2008)
New Revision: 13146
Modified:
incognito/trunk/root_overlay/var/lib/iptables/rules-save
Log:
whoops! Seems I got a bit carried away cleaning up the iptables configuration last time. Fixed.
Modified: incognito/trunk/root_overlay/var/lib/iptables/rules-save
===================================================================
--- incognito/trunk/root_overlay/var/lib/iptables/rules-save 2008-01-16 02:48:13 UTC (rev 13145)
+++ incognito/trunk/root_overlay/var/lib/iptables/rules-save 2008-01-16 04:15:41 UTC (rev 13146)
@@ -5,18 +5,18 @@
:OUTPUT ACCEPT [0:0]
# Established connections are accepted
-[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Local networks should not go through Tor
-[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
-[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
-[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
-[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
# Tor is allowed to do anything it wants to, everything else is dropped
-[0:0] -A OUTPUT -m owner --uid-owner tor -j ACCEPT
+[0:0] -A OUTPUT -m owner --uid-owner tor -j ACCEPT
[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
-
+
COMMIT
# Completed on Wed Jan 16 02:17:09 2008
# Generated by iptables-save v1.3.8 on Wed Jan 16 02:17:09 2008
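Review bot: The fail-closed behaviour of this OUTPUT chain rests entirely on the trailing "-A OUTPUT -j REJECT --reject-with icmp-port-unreachable" rule, because the chain policy shown at the top of the hunk is ":OUTPUT ACCEPT [0:0]". If a later cleanup drops or reorders that last rule, all non-Tor traffic leaves the machine directly. Consider setting the policy to DROP (":OUTPUT DROP [0:0]") and keeping the REJECT rule only for the faster error it gives local applications. The comment "everything else is dropped" should also say "rejected" to match the rule. Separately, every -/+ pair in this hunk reads identically as shown, so the change looks whitespace-only; saying so in the log message would make it clear that the functional fix is in the second hunk.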
@@ -26,17 +26,20 @@
:OUTPUT ACCEPT [0:0]
# Local networks should not go through Tor
-[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
-[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
-[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
-[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
-[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
+# Tor is allowed to do anything it wants to
+[0:0] -A OUTPUT -m owner --uid-owner tor -j ACCEPT
+
# .onion mapped addresses redirection to Tor
-[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
# Redirect all remaining TCP traffic to Tor
-[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
COMMIT
# Completed on Wed Jan 16 02:17:09 2008
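Review bot: The re-added "-A OUTPUT -m owner --uid-owner tor -j ACCEPT" rule is order-sensitive, and its comment does not say so. It has to stay above both DNAT rules, otherwise Tor's own outbound SYNs match "-o ! lo -p tcp ... -j DNAT --to-destination 127.0.0.1:9040" and are redirected back into Tor. Please expand the comment to something like "Tor's own traffic must not be redirected; keep this above the DNAT rules" so the next cleanup does not remove it again. As a style point, the neighbouring exemptions in this chain use "-j RETURN" while this one uses "-j ACCEPT"; using one target for all exemptions would make the intent easier to read. Note also that only TCP is redirected here, so it is worth a comment stating that non-TCP traffic is deliberately left to the other table's rules.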