On Wed, 09 Mar 2011 19:23:15 +0100
"Fabio Pietrosanti (naif)" <lists@xxxxxxxxxxxxxxx> wrote:

> I've been thinking and playing a lot about the various possible risk
> mitigation scenarios for TOR exit node maintainer.
>
> Now I need to be able to pass all web traffic through a transparent proxy
> in order to implement some kind of filters to prevent specific
> web-attacks, web-bruteforce, etc, etc
>
> One very interesting feature that's now missing from TOR and that would
> need to implement such kind of proxying is to be able to bind the
> TOR-exit traffic to a specific IP address.
> That way it would be possible to "mark" with iptables the TOR exit traffic
> and just mangle this.
>
> That kind of added feature would also allow a TOR exit node to re-route
> the TOR exit traffic go away through multiple interfaces in round-robin
> for example, for multi-homed TOR routers.
>
> Sounds to me like a small patch, but frankly speaking I'm not a c-coder.
> Some volunteer?

Try running "man tor |grep -C5 OutboundBindAddress".

But I'm not surprised that someone who wants to perform content
censorship on a Tor exit node is too clueless to find that Tor
configuration option, or to find out that iptables can apply different
rules to the user ID under which Tor is running.

Robert Ransom
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk