[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

IP-tables and TOR

To: or-talk@xxxxxxxxxxxxx
Subject: IP-tables and TOR
From: Michael Gomboc <michael.gomboc@xxxxxxxxx>
Date: Tue, 24 Aug 2010 13:54:14 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 24 Aug 2010 13:54:21 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:date:message-id :subject:from:to:content-type; bh=8Wd2NbSra0MzNzA3Mk1azUQwbBOtBBhtx8jpa2xsSF8=; b=xttNVoKUaPCac3X3gnyusoCv0aZybs/F0IBUGnHAnbXLChlr+aYWUlQAhmPaP3XNJ+ /xdvlS1iDYljUDy6BysaRAO/z4apW7KDXQ8rqwoT0MkoCeDF5WJ4lG/QunlForTQwwCg VM/iC7wlic8UpW+LuV5nkKyz9k15cu2zCumIM=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; b=PiiyhGEG5TCI0aLZGanEdTgh49CQJWzLiJWrnFhrv3tup+xCybW8Gt5DEI5sdpbm+5 2ASv62ETX/p49w7YaF5h3EO7otuauCCfgQR1eUnEh/fJeUX2ZJmZ8+o48jMbsT8z04/X aKBP/0Jrqzc5Qymh8Tf7RPsaZwX3acVjn/cdM=
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

Hi!

Could some net filter expert give me some advise how to use iptables with TOR?

I'm trying the following to drop all non TOR connections:


iptables -F INPUT
iptables -F OUTPUT
 

iptables -P INPUT DROP

iptables -P OUTPUT DROP

iptables -A OUTPUT -o lo -j ACCEPT

iptables -A INPUT -i lo -j ACCEPT
 


iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT

 

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT



Is there more to think about?

Thanks a lot!

--
Michael Gomboc

pgp-id: 0x5D41FDF8

Follow-Ups:
- Re: IP-tables and TOR
  - From: Andrew Lewman
- Re: IP-tables and TOR
  - From: Jason

Prev by Author: Re: Tor notice
Next by Author: Re: DuckDuckGo now operates a Tor exit enclave
Previous by thread: Re: How to Run High Capacity Tor Relays
Next by thread: Re: IP-tables and TOR
Index(es):
- Author
- Thread