[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor/Iptables Question

* on the Wed, Aug 19, 2009 at 02:00:01AM -0400, Ringo wrote:

> One problem I've continually run into while trying to setup a secure tor
> virtual machine for browsing is that I have to allow it access to
> localhost (to connect to Tor). Is there a way in iptables to say "deny
> localhost access to all local ports except xyz" or even better say "deny
> user access to all local ports except xyz"
> Thanks for any help people can offer,

I prevent all users other than root from connecting to the Tor Control port with an
iptables rule which looks like this:

iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT

You should be able to modify that for your own purposes.