Re: Tor/Iptables Question
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor/Iptables Question
- From: Erilenz <erilenz@xxxxxxxxx>
- Date: Wed, 19 Aug 2009 08:12:52 -0400
- Delivery-date: Wed, 19 Aug 2009 08:14:20 -0400
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
* on the Wed, Aug 19, 2009 at 02:00:01AM -0400, Ringo wrote:
> One problem I've continually run into while trying to set up a secure Tor
> virtual machine for browsing is that I have to allow it access to
> localhost (to connect to Tor). Is there a way in iptables to say "deny
> localhost access to all local ports except xyz" or even better say "deny
> user access to all local ports except xyz"
>
> Thanks for any help people can offer,

I prevent all users other than root from connecting to the Tor Control port with an
iptables rule which looks like this:

    iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT

You should be able to modify that for your own purposes.

--
Erilenz
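
The same owner match applied to the "deny user access to all local ports except xyz" case from the question, as an added example that is not part of the original thread. The account name `browser` and port 9050 (Tor's default SocksPort) are assumptions, and the function only prints the rules so they can be reviewed before being applied as root.

```shell
#!/bin/sh
# Added example: print iptables rules that confine one local account to an
# allowlist of loopback TCP ports. "browser" and 9050 are assumed values.

# lo_allowlist USER PORT [PORT...]
# Writes the rules to stdout; nothing is applied to the running firewall.
lo_allowlist() {
    user=$1
    [ "$#" -ge 1 ] && shift

    # Reject empty, option-like or oddly formed account names.
    case $user in
        ''|-*|*[!A-Za-z0-9_.-]*) echo "bad user: $user" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "need at least one port" >&2; return 1; }

    # Validate every port before emitting anything, so a bad argument
    # can never produce a partial rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] ||
            { echo "port out of range: $port" >&2; return 1; }
    done

    # -A appends, so the ACCEPT rules must be emitted before the REJECT.
    for port in "$@"; do
        echo "iptables -A OUTPUT -o lo -p tcp --dport $port -m owner --uid-owner $user -j ACCEPT"
    done

    # Everything else this account sends over loopback is refused. No -p is
    # given, so UDP (for example a local DNS resolver) is covered as well.
    # Replies from Tor are owned by the Tor account and are not matched.
    echo "iptables -A OUTPUT -o lo -m owner --uid-owner $user -j REJECT"
}

# Demonstration: allow the assumed account "browser" to reach only 9050.
lo_allowlist browser 9050
```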