[tor-talk] Tor as a network filter
Depending on how you're getting traffic onto Tor (i.e. are you using
SOCKS proxy or silently redirecting traffic to the relevant port) you
be able to achieve something similar to what you're attempting using
I am just running Tor Browser, so the default SOCKS.
For example, I have a VM running an MUA, it should only ever connect to
its mailservers over Tor. To enforce that, my router runs Tor and an
iptables rule ensures that all traffic from that VM leaves my network
Tor (there are some other concerns with doing it this way, but they
relevant for what I'm trying to say).
Can you expand on this, the Tor on a router part? Others have said,
in response to an out of the box product you can buy, that running Tor
on a physical router is not so safe, though this is maybe where your
iptables rule comes in.
There's no technical reason I (or, you) couldn't add a rule to first
that traffic through some sort of (semi)transparent proxy so that
can be performed at application level.
How much control do you then have over the traffic? Can you shape how
you appear, ignoring the risk of standing out? How would you interface
with the traffic?
There are a number of reasons you might not want to do it though:
- It complicates troubleshooting connection issues
- You've just inserted an extra listening point for an adversary to use
- If you're using a transparent solution and it breaks, you may find
yourself working without your extra level of 'protection'
- Depending on your solution, it may change your request signature (a
of work has gone into TBB to make all look the same, you don't want
user-agent to suddenly become 'squid' for example)
In my setup, traffic transits my network in the clear (at least in a
metadata sense) before reaching Tor, there's no reason you necessarily
to do that as you could set something similar up on a single box.
So whilst tor won't do application level filtering for you, you can
some filtering into the chain, as long as you weigh the risks (and I've
likely omitted some)
But I am more asking if Tor can be used as part of a filter, with some
sort of application allowing for more control, maybe even of what is
to the entry. It seems there has been some discussion regarding 'Tor
Router/Firewall', though it's only cited as a bullet in a list. I
misreading, but a Tails document refers to a 'Network Filter'. I
only want to allow or deny network connections, like with Tails, but
out certain things as well, maybe with something smaller like a
Sounds like you are looking for what is known as an "Application
I am, is there any value to combining incoming access
to the Tor network and outgoing connections from applications as a
standalone tool? Vs using Little Snitch or built-in firewalls
from a Tor application like Tor Browser.
Thanks for this!
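
The router setup discussed in this thread (Tor running on the router, with iptables forcing one VM's traffic through it) could look like the following. This is an added example, not configuration posted by anyone in the thread; the VM address, the port numbers, the torrc lines and the function name `tor_vm_rules` are assumptions, and it assumes the VM has a static address.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed torrc on the router (LAN address
# is a placeholder):   TransPort <router-lan-ip>:9040
#                      DNSPort   <router-lan-ip>:5353
# Prints iptables-restore input that pins one VM to Tor and fails closed.

tor_vm_rules() {
    vm_ip=$1
    trans_port=${2:-9040}
    dns_port=${3:-5353}

    # Reject anything that is not a dotted-quad address or a numeric port, so
    # nothing unexpected is interpolated into the ruleset.
    printf '%s\n' "$vm_ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || {
        echo "invalid VM address: $vm_ip" >&2
        return 1
    }
    case "$trans_port$dns_port" in
        *[!0-9]*) echo "invalid port" >&2; return 1 ;;
    esac

    # nat: the VM's DNS queries and new TCP connections are redirected to Tor.
    # filter: the VM may reach only Tor's two ports on the router; everything
    # that would be routed past Tor (other UDP, ICMP, or any traffic while Tor
    # is down) is dropped rather than leaving in the clear.
    # IPv6 is not covered here and needs an equivalent ip6tables drop.
    cat <<EOF
*nat
-I PREROUTING 1 -s $vm_ip -p udp --dport 53 -j REDIRECT --to-ports $dns_port
-I PREROUTING 2 -s $vm_ip -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
-I INPUT 1 -s $vm_ip -p tcp --dport $trans_port -j ACCEPT
-I INPUT 2 -s $vm_ip -p udp --dport $dns_port -j ACCEPT
-I INPUT 3 -s $vm_ip -j DROP
-I FORWARD 1 -s $vm_ip -j DROP
COMMIT
EOF
}

# Print the ruleset when called with arguments, e.g.:
#   sh tor-vm-rules.sh 192.0.2.10 | iptables-restore --noflush
if [ "$#" -gt 0 ]; then
    tor_vm_rules "$@"
fi
```

Because the FORWARD drop is unconditional, a stopped or broken Tor process leaves the VM with no connectivity instead of a direct route, which addresses the "transparent solution breaks" concern raised in the list above.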