On 01/26/2020 10:53 PM, Jim wrote:
Forst wrote:
In that case, what would be best approach to achieve that all traffic is forced through Tor and direct internet connection blocked, preferably even if/when the system is breached?
Roger gave a good reply for the case where the system is not breached. But if your firewall is on the same system as the hidden service and an attacker gets root then nothing can save you since the attacker could alter the firewall at will. The only exception I can think of is SELinux *might* provide a mechanism to prevent this but I am not familiar with it.
Jim
If you're that paranoid, you can use the Whonix model. Basically, run the Tor process and firewall on one machine, with requisite ports exposed on an isolated LAN. And run the web server on another machine, connected via that LAN. So nothing on that machine can see the Internet, except through Tor.
If you control physical access, it's most secure for those to be separate hardware. Otherwise, you can use KVM VMs. You can even run KVM VMs on some KVM VPS, although it's a little sluggish.
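Added example, not from this thread or from the Whonix project: a gateway-side nftables ruleset illustrating the split described above. Assumptions: the gateway's Internet-facing interface is eth0, the isolated LAN interface is eth1 with address 10.152.152.10, Tor runs as user debian-tor and its torrc contains `TransPort 10.152.152.10:9040` and `DNSPort 10.152.152.10:5300` (port numbers chosen for the example). The point is that the web server machine has no route to the Internet at all: the gateway never forwards its packets, it only redirects them into Tor's transparent-proxy and DNS ports, and on the gateway itself only the Tor process may send to eth0. Because the rules live on the gateway, a root compromise of the web server machine cannot alter them.

```nft
#!/usr/sbin/nft -f
# Tor gateway ruleset (example, constructed for this thread).
# torrc on the gateway is assumed to contain:
#   TransPort 10.152.152.10:9040
#   DNSPort   10.152.152.10:5300
flush ruleset

table ip torgw {
    chain prerouting {
        type nat hook prerouting priority dstnat; policy accept;
        # Everything arriving from the isolated LAN is steered into Tor:
        # DNS queries to Tor's DNSPort, every other TCP connection to TransPort.
        iifname "eth1" udp dport 53 redirect to :5300
        iifname "eth1" meta l4proto tcp redirect to :9040
    }

    chain input {
        type filter hook input priority filter; policy drop;
        iif "lo" accept
        ct state established,related accept
        # The only services the LAN may reach on the gateway are the Tor ports
        # (the redirected packets above land here with dport 9040 / 5300).
        iifname "eth1" tcp dport 9040 accept
        iifname "eth1" udp dport 5300 accept
    }

    chain forward {
        # Never route LAN traffic anywhere: the web server has no direct path out.
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        type filter hook output priority filter; policy drop;
        oif "lo" accept
        ct state established,related accept
        # Only the Tor process may originate connections to the Internet.
        oifname "eth0" meta skuid "debian-tor" accept
        # Replies and local services towards the isolated LAN are allowed.
        oifname "eth1" accept
    }
}

# Tor does not carry IPv6 here, so close it off on the gateway entirely;
# otherwise a v6-capable uplink would be a bypass of the rules above.
table ip6 torgw6 {
    chain input   { type filter hook input   priority filter; policy drop; iif "lo" accept }
    chain forward { type filter hook forward priority filter; policy drop; }
    chain output  { type filter hook output  priority filter; policy drop; oif "lo" accept }
}
```

Load it with `nft -f` on the gateway and verify from the web server machine that a direct connection (for example to 1.1.1.1:443) fails while a TCP connection to any host is accepted and exits from a Tor relay; the `forward` chain's drop policy is what makes the first check hold, and leaving it unset is the usual mistake in hand-rolled gateways. UDP other than DNS is dropped rather than proxied because Tor only carries TCP.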