[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor and iptables.

On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
> Well, given the way OP phrased his question, I just assumed he wanted to 
> prevent any unwanted input to his system, which is why I gave him a simple 
> ruleset which allows any output.

Right. But I'm more paranoid about restricting output, given that
phone-home malware is now a routine risk.

> If you want to filter output as well but allow Tor Browser to work, I see two 
> ways to accomplish that:
> - Go with the seperate user method: Create a seperate user just to run Tor 
>   Browser and allow output for just this user. You could launch Tor Browser as 
>   this user using gksudo or kdesudo.

Thanks :)

> - Configure a bridge for Tor Browser to use and allow output to just this 
>   bridge filtering by IP adress as well as port.

That seems more complicated.

Sorry about missing the typo in my initial reply. It _was_ an invalid
rule. But accepting lo is necessary with default deny, right?

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to