[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: IP-tables and TOR

To: or-talk@xxxxxxxxxxxxx
Subject: Re: IP-tables and TOR
From: Jason <tor@xxxxxxxxxxxxxx>
Date: Tue, 24 Aug 2010 14:12:14 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 24 Aug 2010 14:28:55 -0400
In-reply-to: <AANLkTimxBWbT1Mets+n8N+Zr2imxtBfa71Orp+QeAunv@xxxxxxxxxxxxxx>
References: <AANLkTimxBWbT1Mets+n8N+Zr2imxtBfa71Orp+QeAunv@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

Michael Gomboc wrote:

Hi!

Could some net filter expert give me some advise how to use iptables with TOR?

I'm trying the following to drop all non TOR connections:

iptables -F INPUT
iptables -F OUTPUT


iptables -P INPUT DROP
iptables -P OUTPUT DROP

iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT


iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT


iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT


Is there more to think about?

dhcp? Unless you want to statically assign your address for _every_ network you connect to (I'm assuming a laptop/mobile device).

ntp?  I've found TOR is much more reliable with an accurate clock.


hth,

Jason.
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- IP-tables and TOR
  - From: Michael Gomboc

Prev by Author: Re: The team of PayPal is a band of pigs and cads!
Next by Author: Re: DuckDuckGo
Previous by thread: IP-tables and TOR
Next by thread: Re: IP-tables and TOR
Index(es):
- Author
- Thread