
Re: [tor-talk] tor/netfilter: packets without uid



>  echo 1 > /proc/sys/net/ipv4/tcp_rfc1337

not the right option; this is different, and to avoid an issue with time wait.

the feature i'm thinking of is time-wait negotiation, which can be
tweaked to always put this state on the peer (or fail if not
available).

last time i messed with this it was kernel build tweaks; probably too
much for most tastes ;)


regarding the match rules, why are you whitelisting firefox
instances? a robust setup is everything transparently routed, except
for Tor PID, and only this PID. kernel originated traffic and all
other application originated traffic is thus routed properly without
bypass, assuming Tor itself is not vulnerable.
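
The layout described above (everything redirected into Tor, one exemption for Tor itself), as an added example that is not part of the original post. It matches on a dedicated Tor account with the owner match's `--uid-owner` instead of a PID, and the account name `debian-tor`, TransPort 9040 and DNSPort 5353 are assumptions. Packets the kernel emits without a socket owner match no owner rule and end at the DROP policy.

```shell
#!/bin/sh
# Added example: prints an iptables-restore ruleset, applies nothing.
# Check it before loading with: tor_rules | iptables-restore --test
# Assumed values (not from the thread): account name, TransPort, DNSPort.
tor_rules() {
    tor_user="${1:-debian-tor}"   # assumed dedicated account running Tor
    trans_port="${2:-9040}"       # assumed TransPort in torrc
    dns_port="${3:-5353}"         # assumed DNSPort in torrc
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# The single exemption: Tor's own sockets leave untouched.
-A OUTPUT -m owner --uid-owner $tor_user -j RETURN
-A OUTPUT -o lo -j RETURN
# Every other application: DNS to DNSPort, new TCP to TransPort.
-A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports $dns_port
-A OUTPUT -p tcp --syn -j REDIRECT --to-ports $trans_port
COMMIT
*filter
# INPUT is left open here; only the outbound path is the subject.
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
# Default deny: ownerless kernel packets and anything not redirected stop here.
:OUTPUT DROP [0:0]
-A OUTPUT -m owner --uid-owner $tor_user -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Redirected traffic, now addressed to Tor's local listeners.
-A OUTPUT -d 127.0.0.1/32 -p tcp --dport $trans_port -j ACCEPT
-A OUTPUT -d 127.0.0.1/32 -p udp --dport $dns_port -j ACCEPT
COMMIT
EOF
}
```

There is no per-application whitelist in this ruleset: the only identity it names is the Tor account.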