[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Linux kernel transproxy packet leak (w/ repro case + workaround)



Rusty Bird:
> I've reproduced those packets on kernel 3.13 using your iptables rules.
> Strangely enough my own personal transproxy setup does not exhibit this
> issue [...]

Maybe it can be boiled down to this: When redirecting *and* filtering,
the filtering should be done in OUTPUT (instead of INPUT), because there
you can also verify that the traffic has been redirected to the right place.

Rusty

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk