[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: IP-tables and TOR

Michael Gomboc wrote:

Could some net filter expert give me some advise how to use iptables with TOR?

I'm trying the following to drop all non TOR connections:

iptables -F INPUT
iptables -F OUTPUT

iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

Is there more to think about?

dhcp? Unless you want to statically assign your address for _every_ network you connect to (I'm assuming a laptop/mobile device).
ntp?  I've found TOR is much more reliable with an accurate clock.


To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/