[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] iptables rules



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

No Problem :)

Am 22. Oktober 2014 06:40:34 MESZ, schrieb CJ <tor@xxxxxxxx>:
>woops, didn't see the last row mentioning debian-tor user, my bad :(
>
>good to know about ntp, I'll add it to my own stuff later.
>
>Sorry for the noise, being sick doesn't help much reading iptables
>rules :/
>
>On 10/21/2014 07:57 PM, elrippo wrote:
>> Hmmm, at point 5.f.) that's exactly what i propose. Please do not
>forget
>> to let your relay do the NTP without TOR, becuase of the latency.
>>
>> Read down below....
>>
>>
>>
>>
>---------------------------------------------------------------------------------------------------
>>
>>
>>
>> f.) Now let's configure our second scenario, where the middlebox is
>> handing over to Tor, acting as an ExitRelay and the traffic of the
>> router is also handed to Tor.
>>
>> /etc/tor/torrc
>>
>> VirtualAddrNetworkIPv4 172.16.0.0/12
>>
>> TransPort 9040
>>
>> TransPort 192.168.100.1:9040
>>
>> TransPort 192.168.200.1:9040
>>
>> AutomapHostsOnResolve 1
>>
>> DNSPort 9053
>>
>> DNSPort 192.168.100.1:9053
>>
>> DNSPort 192.168.200.1:9053
>>
>> SocksPort 127.0.0.1:9050
>>
>> ControlPort 9051
>>
>> HashedControlPassword 16:somewilddigitsofsomekindofnumbers
>>
>> ORPort 9001
>>
>> Nickname PickYourNicknameLikeCounterNSAServer
>>
>> ContactInfo Random Person somename@xxxxxxxxxxxxxx
>>
>> DirPort 9030
>>
>> DirPortFrontPage /path/to/your/tor-exit-notice.html
>>
>> ExitPolicy accept *:22,accept *:80,accept *:443,reject *:*
>>
>> /etc/firewall/tor-only.bash
>>
>> #!/bin/bash
>>
>> modprobe ip_tables
>>
>> modprobe ip_nat_ftp
>>
>> modprobe ip_nat_irc
>>
>> modprobe ip_conntrack
>>
>> modprobe ip_conntrack_irc
>>
>> modprobe ip_conntrack_ftp
>>
>> modprobe ip_nat_ftp
>>
>> modprobe ipt_limit
>>
>> modprobe ipt_multiport
>>
>> modprobe iptable_mangle
>>
>> modprobe ipt_state
>>
>> modprobe iptable_filter
>>
>> modprobe iptable_nat
>>
>> modprobe ipt_REJECT
>>
>> modprobe ipt_LOG
>>
>> modprobe xt_recent
>>
>> modprobe ipt_mac
>>
>> ####################################################################
>>
>> # Remove all rules
>>
>> iptables -F
>>
>> iptables -X
>>
>> iptables -t nat -F
>>
>> ####################################################################
>>
>> # First set the default behaviour
>>
>> iptables -P INPUT DROP
>>
>> iptables -P OUTPUT DROP
>>
>> iptables -P FORWARD DROP
>>
>> ####################################################################
>>
>>
>################################################################################
>>
>> # INPUT INCOMMING rules for ALL INTERFACES #
>>
>>
>################################################################################
>>
>> # ALLOW ESTABLISHED and RELATED incoming connections
>>
>> iptables -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>> iptables -A INPUT -i eth1 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>> iptables -A INPUT -i wlan0 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>>
>################################################################################
>>
>> # OUTPUT OUTGOING rules for ALL INTERFACES #
>>
>>
>################################################################################
>>
>> iptables -A OUTPUT -o eth0 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>> iptables -A OUTPUT -o eth1 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>> iptables -A OUTPUT -o wlan0 -m state --state ESTABLISHED,RELATED -j
>ACCEPT
>>
>>
>################################################################################
>>
>> # ALLOW self communication
>>
>> iptables -A INPUT -i lo -j ACCEPT
>>
>> iptables -A OUTPUT -o lo -j ACCEPT
>>
>>
>################################################################################
>>
>> # ALLOW incomming connections on our internal interfaces
>>
>> iptables -A INPUT -i eth1 -j ACCEPT
>>
>> iptables -A INPUT -i wlan0 -j ACCEPT
>>
>> iptables -t nat -A PREROUTING -i eth1 -p udp -m udp --dport 123 -j
>> REDIRECT --to-ports 123
>>
>> iptables -t nat -A PREROUTING -i eth1 -p udp --dport 53 -j REDIRECT
>> --to-ports 9053
>>
>> iptables -t nat -A PREROUTING -i eth1 -p tcp --syn -j REDIRECT
>> --to-ports 9040
>>
>> iptables -t nat -A PREROUTING -i wlan0 -p udp -m udp --dport 123 -j
>> REDIRECT --to-ports 123
>>
>> iptables -t nat -A PREROUTING -i wlan0 -p udp --dport 53 -j REDIRECT
>> --to-ports 9053
>>
>> iptables -t nat -A PREROUTING -i wlan0 -p tcp --syn -j REDIRECT
>> --to-ports 9040
>>
>> iptables -t nat -A OUTPUT -o lo -j RETURN
>>
>> iptables -t nat -A OUTPUT -m owner --uid-owner "debian-tor" -j RETURN
>>
>> iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports
>9053
>>
>> iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040
>>
>> iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>> iptables -A OUTPUT -m owner --uid-owner "debian-tor" -j ACCEPT
>>
>> for NET in 127.0.0.0/8; do
>>
>> iptables -A OUTPUT -d $NET -j ACCEPT
>>
>> done
>>
>> iptables -A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
>>
>> iptables -A OUTPUT -j REJECT
>>
>> Make this script executable and load it on system start. This script
>> assumes that the Tor instance is also started at system start
>>
>> I hope you had some fun anonyminizing your traffic :D
>>
>> Read you later ;)
>>
>>
>>
>---------------------------------------------------------------------------------------------------
>>
>>
>>
>> On Dienstag, 21. Oktober 2014, 07:41:15 CJ wrote:
>>
>>>
>>
>>> On 10/20/2014 06:09 PM, Elrippo wrote:
>>
>>> > Try https://elrippoisland.net/public/how_to/anonymity.html
>>
>>>
>>
>>> hmm, there are some issues with the proposed iptables rulesâ
>>
>>> I'd rather read Mike's blog post[1] and take his scripts in order to
>>
>>> lock OUTPUT chain for good, allowing only debian-tor user traffic to
>go
>>
>>> out. Sadly you won't be able to filter out traffic as on Android, as
>>
>>> most of the application will run with your own user. But Tor does
>have
>>
>>> his dedicated user, so some magic is still possible in order to
>prevent
>>
>>> any leak.
>>
>>>
>>
>>> Something like that *should* be OK:
>>
>>>
>>
>>> # lock down network
>>
>>> $ipt -P OUTPUT DROP
>>
>>> $ipt -P INPUT DROP
>>
>>> $ipt -P FORWARD DROP
>>
>>>
>>
>>> # allow local connections
>>
>>> $ipt -I OUTPUT -o lo -j ACCEPT
>>
>>> $ipt -I INPUT -i lo -j ACCEPT
>>
>>> # allow debian-tor outputs
>>
>>> $ipt -I OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
>>
>>> # allow related/established incoming
>>
>>> $ipt -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>>
>>>
>>
>>> # redirect DNS traffic
>>
>>> $ipt -t nat -I PREROUTING ! -i lo -p udp --dport 53 -j REDIRECT
>>
>>> --to-ports $DNSPROXY
>>
>>> # redirect tcp to transproxy
>>
>>> $ipt -t nat -I PREROUTING ! -i lo -p tcp --syn -j REDIRECT
>--to-ports
>>
>>> $TRANSPROXY
>>
>>>
>>
>>> more or less. I don't have the whole stuff in head, and my script is
>at
>>
>>> home.
>>
>>>
>>
>>> Use with care, as it might as well lock you out ;).
>>
>>> You should add the DNSProxy and TransProxy settings as well in your
>torrc.
>>
>>>
>>
>>> Cheers,
>>
>>>
>>
>>> C.
>>
>>>
>>
>>> [1]
>>
>>>
>>
>https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy
>>
>>>
>>
>>> >
>>
>>> > Am 20. Oktober 2014 17:52:18 MESZ, schrieb Robert Watson
>> <robert@xxxxxxxxxxxxxxx>:
>>
>>> >> could someone please clarify a question I have about configuring
>tor &
>>
>>> >> iptables. I'm using a dual nic centos server with
>squid/privoxy/tor
>>
>>> >> behind
>>
>>> >> a ISP router. My internet nic (eth0) gets a dhcp address so I
>wasn't
>>
>>> >> sure
>>
>>> >> how to set SocksBindAddress to the eth0 address? Is there a
>>
>>> >> SocksBindAdapter setting available?
>>
>>> >> My tor.conf:
>>
>>> >> *SocksPort 9150 #privoxy socks5 port*
>>
>>> >
>>
>>> >> *SocksBindAddress 127.0.0.1*
>>
>>> >> *SocksPolicy accept 127.0.0.1*
>>
>>> >> *SocksPolicy reject **
>>
>>> >> *AllowUnverifiedNodes middle,rendezvous*
>>
>>> >> *Log notice syslog*
>>
>>> >> *RunAsDaemon 1*
>>
>>> >> *User tor*
>>
>>> >> *CircuitBuildTimeout 30*
>>
>>> >> *NumEntryGuards 6*
>>
>>> >> *KeepalivePeriod 60*
>>
>>> >> *NewCircuitPeriod 15*
>>
>>> >> *DataDirectory /var/lib/tor*
>>
>>> >> *PidFile /var/run/tor/tor.pid*
>>
>>> >> *Log notice file /var/log/tor/tor.log*
>>
>>> >
>>
>>> >> I was thinking I would have to forward eth0:9050 to lo:9050 with
>these
>>
>>> >> rules:
>>
>>> >> *-A FORWARD -i lo -o eth0 -p tcp --dport 9050 -j ACCEPT*
>>
>>> >> *-A FORWARD -i eth0 -o lo -m state --state ESTABLISHED,RELATED -j
>>
>>> >> ACCEPT*
>>
>>> >
>>
>>> >> Any advice would be appreciated.
>>
>>> >> Robert
>>
>>> >> --
>>
>>> >> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>>
>>> >> To unsubscribe or change other settings go to
>>
>>> >> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>>> >
>>
>>> >
>>
>>>
>>
>>>
>>
>>
>>
>> --
>>
>> We don't bubble you, we don't spoof you ;)
>>
>> Keep your data encrypted!
>>
>> Log you soon,
>>
>> your Admin
>>
>> elrippo@xxxxxxxxxxxxxxxxx
>>
>>
>>
>> Encrypted messages are welcome.
>>
>> 0x84DF1F7E6AE03644
>>
>>
>>
>> -----BEGIN PGP PUBLIC KEY BLOCK-----
>>
>> Version: GnuPG v1.4.11 (GNU/Linux)
>>
>>
>>
>> mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd
>>
>> BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb
>>
>> UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+
>>
>> B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5
>>
>> Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R
>>
>> 9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs
>>
>> e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9
>>
>> jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h
>>
>> q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z
>>
>> +rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI
>>
>> KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB
>>
>> tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs
>>
>> cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL
>>
>> BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7
>>
>> uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd
>>
>> U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW
>>
>> oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s
>>
>> IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb
>>
>> BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI
>>
>> kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/
>>
>> axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM
>>
>> XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi
>>
>> dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ
>>
>> qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU
>>
>> 1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY
>>
>> s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz
>>
>> f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc
>>
>> ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich
>>
>> O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt
>>
>> 7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5
>>
>> KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB
>>
>> FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN
>>
>> LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv
>>
>> 5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ
>>
>> MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos
>>
>> UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC
>>
>> AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo
>>
>> N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L
>>
>> WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs
>>
>> 9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj
>>
>> 1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW
>>
>> r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU
>>
>> 3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T
>>
>> An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr
>>
>> 9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN
>>
>> OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF
>>
>> Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN
>>
>> /VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ
>>
>> 6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8
>>
>> 6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL
>>
>> u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1
>>
>> wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW
>>
>> MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz
>>
>> +v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku
>>
>> E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9
>>
>> 8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5
>>
>> GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP
>>
>> p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE=
>>
>> =otlL
>>
>> -----END PGP PUBLIC KEY BLOCK-----
>>
>>
>>
>--
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

- --
We don't bubble you, we don't spoof you ;)
Keep your data encrypted!
Log you soon,
your Admin
elrippo@xxxxxxxxxxxxxxxxx

Encrypted messages are welcome.
0x84DF1F7E6AE03644

- -----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.11 (GNU/Linux)

mQINBFH797MBEAC0Y0NeI7lmDR9szTEcWuHuRe0r/WjSRC0Nr5nXsghuMcxpJ3Dd
BOBimi4hdMMK4iqPVMwNw6GpKYR3A9LHHjbYRXHUKrJmB+BaJVyzJXN5H6XvxTTb
UfX+DaXAGJW/G+3cBB3qm/QaU8QGkBKfXq0DLTaTGPkGKxEAldj/8onGZhawdJs+
B92JrW+S2HDh15pIuXzSqe7eCcIOdvvwfWe0fJi2AraA7LYGpxP6GcC/b9JJpbq5
Y6DfE2Aun9ZK3iHqURyrms0Whbv1CgmUahL2MVYCsTsXwe0GwlAxxKvjXAiXuo+R
9wO5wsXvVVSVNqsk9Yqi+wYzdPKndTU0GyxSApQHroF+cxaZ8Lk0xloj18+LdCSs
e5IiTSXH0MMsDdWWdHlrgk+bgDG+0Gu3ne4vMwGdKO7AhYgQW/ueMy4RnkG/nsV9
jry5BO4gGAI1Ij8KvqUzEnvJFGE3ptJogU+zazWWDUWmL3ecKb3aDRlJFnZ3kJ5h
q8GolZVjpk99V+4B5WVRPXdej/p5J19tXycK/jdNmr4oC8NyUhIpe8xHELnfoB4z
+rxiTx+KMnW0rY8EQg8O2ixEYt5my90IwQkxcxIxextVrqjJjYn8extc2/v8yGzI
KmTEJxdADB5v/Jx4HiLHNDSfBUb8gfONCkNSTYvTcSwTjWzHOkXeE/9ZbQARAQAB
tD5lbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0ZWQpIDxlbHJpcHBvQGVs
cmlwcG9pc2xhbmQubmV0PokCOAQTAQIAIgUCUfv3swIbLwYLCQgHAwIGFQgCCQoL
BBYCAwECHgECF4AACgkQhN8ffmrgNkT8+BAAoAXBqu4/O2Cs5FSWWZpzgScNEgq7
uHhOKeYmRfgKlOUPoYlPB1DBqdOAXSKb9OvsmyOvpoGnqijB7aAJBoyQYW/OCQgd
U8L4eTCf4yRZnfFLdgskcPfN1p0Rs/yinGEooBJFtYa7mT6J0UTW2JjCLZK2AFCW
oF+KBu5JICXGBXigb2ZbX1jWjxP5H1RidQw6HF5z4z34SjLWAOOeZ8B/Xfz6Fs0s
IAuLu2O4HE4DI8Qu196LhSVHHgr3uMTkvN1t5nKwyjrRQztwXXk9qIomII3ydNYb
BYAGdWNNMfLb1kmDwC5wQHAFvSP1aiMF3aKAY+gl2wXSGO6JqM0SteJS3dytIljI
kzu0atc9HuGs/HDQgdmpAS4WU2YefEr/WieltSiAKlwuC+3wg+CONJ6TE1vgNDU/
axerttb0jq7UQb/nAp05bsrB7XH1Vs+1ON9lUPEfWRmwQcrVK5JUrUWa/4tA/UeM
XvFcPFtFluGTlLewgJIqcvjPXFwpbDZprXJsMkwew/A6B6n3+0sbgf7p3QSGkVbi
dwQAymTbHdYqLnbcnKZhjto3Wjw1J5QB2wuiRYlpjV3i7AWTGlqoSTOWCCV+HamQ
qeFYNYAWNFx3+J/oi7xDi8t9bHVNA205equ+y2sj3G5uGJ6LSHQ8AXp9uOipUUvU
1MJN0yLXr9PIwvi5Ag0EUfv3swEQAL0+MnxHGrTjSYdfdua4SBpmytDONM1EngeY
s+WyaC/760MughKbaysI/nK2LB1vnwEY7f3NM4fxBx8u2T7VBm6Ez6Fs23Bb8Rkz
f97bPSdxCmg64GPHfLA9uwTIXcYS+MpI86WOf6eWY0rRpf7Y9Nl7YoUNvzOyUPqc
ggdcnHce8zYv7A/WS8flZDm8tVFPsHrQDEwNMws7ZhiNnHkeZeRJrvCuB7oEVich
O/ROYoA5o6NozWYQbjxe1f6Yur4Q10qgVcxVnyLFJSbg6vZSzL7KYh3Z5iBOzPHt
7cwEDrW8W4Kl2Qj8rhJ4Wxs94CAtua7IXK44sVZWQbyHcOXRikgGMZKkEZzVCQa5
KD1u1ZrcBCyuMAir0hsmS3jhCUwpiE2c3SRk8O8CgixhTcBk0X/k9ZFu3Hbi1JMB
FLzs/Nq3tYAYvVivhPloSxmYBPsafYHCZM83yBNNsralXh5zjB+di90G+AMXt2PN
LTcdovZuWtC0s8/jrx+zv/AA4FAGYU9OVl+YL9ybFX8gSdMEcixyzQcKfiFBjpWv
5iFrwIuDlaXMcheyrhc9aGOxfx44OXc505+VjO/1Q/8EOWlJ6UwOi6GMkj5T+RFJ
MDyP0UixS7dt6wTuD5t6PRuyWWxZswgrbL9hjwGFr154Z19TWeNWc23pWtUvQJos
UCxl2nFHABEBAAGJBD4EGAECAAkFAlH797MCGy4CKQkQhN8ffmrgNkTBXSAEGQEC
AAYFAlH797MACgkQJEPd69lQ0evA+Q/+M7lSFlrQWiRsFqDjh+kTJc+0OEBCvnfo
N2KPyXXbfc//qup55PfEygE6C60zvrlv3WE33GZ5GS5MLuDMP82b+a5Yt16NQU7L
WtAg1g0S0BvazW+28TgnfO8bhbGaFeE9ccw3xLmlbwZQ3f3LtMKdwFIROiG6hvAs
9U54QYti3tv9DowRYYWpdr0Ga8RqeGNtCKc0v2opy51MpzKWjwUW0i3XlSlyY8Lj
1KT8PyznNPw32nYpmDizz+0OUJNnn/kT+GnFoR3DJnFosTOrnxFJp+N+nejMp/gW
r9NM0/E7H+P53IiytBOt5/0vsOaCFGdYGhKEjmJi3dHS4Xk1ObD1mjdD1YDOlWWU
3Md6BDHd4W7Q8gT7oQfTIMLd3HzV+WNPIdocPLBaeA/tRD8Pg5CCmncAmSub4F5T
An7FlnACtSOv3cIWQ0TymS42DihDaJ5d1RvNzKw+zHYdPvf471JFZR3TDhkPbLIr
9czR7kbpnXRwchgwXQn306NVWf37TgA8wpbnFTazZ38iOeqcb9oKprqnbgEdr3PN
OhKSlMTkzAqf3MEi2Fyua4BADMhS3oBwCRgDTlt6wquEytpNSlZaHnyiyIgOpekF
Uy5K3w8NhHqeifRPrNb/UcCbXtXz+puqIEZHMenpv6FRlTTKpdoHoVXSkp1TPMGN
/VaCiLbP4Z3xEw/9EbAJJkhmmx1Qw3ueoqc4h1MmhUtIdxSZ/oA9SjwlnY++zvaZ
6w1wTS4P+OUkETNDtItdpxXMJ9qfSy9voAQc2K43WMZCCmpPJYSdqaZZNPFj+Ne8
6FNtNKuUkXREybpHwlVAXnHzInmFOOM9RAmF70r3zEmKt77W1ztBLo2o9X79gPgL
u9ThgrH6Oc2k46n+9nc3joccr7miiX/bp976DNWcWdOYThiSSOCb8Zw9/Zs935i1
wUVkYTj24tmBH4H5ov9ib7RPmU21ru458RbUKG0ONAqBtAHNyXHzUnXsrke+D4VW
MI06YcXSk8YeYgQ8GxgHQc+W2bb8LIbKN1hEYJ0wzM62vKR2/Oiwuf8lXutIKTuz
+v7Vj1PQd66DGHsxtWRaWnr1c54JTL2wICHJYKFH4grp7864+GL/uQ1O/Z/XxVku
E1JQ/AnwBGU1M1S6otwWGWVRjzEzQtxsfcCEPvV/9td3FIFQAbGTPb+48XFU+TY9
8AlcXBlDzXq7c5f8Evn/oSIsZDt63K4HNTmMGqOTl/p1aA0e4eyX76LczY06rDP5
GMSNs+AHmYgZiS4RYhRUIvS9uLXMnnDAMYst0SDl2orDUUeHBTzu0rchyknBZMGP
p5wQuWQ9CFlV+dj3UYbrBwC1lTkAMXRG2vlhA0V0TZqos7A5D4VHgSUQQjE=
=otlL
- -----END PGP PUBLIC KEY BLOCK-----


-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1

iQJcBAEBCgBGBQJUR1hfPxxlbHJpcHBvIChrZWVwIHlvdXIgZGF0YSBlbmNyeXB0
ZWQpIDxlbHJpcHBvQGVscmlwcG9pc2xhbmQubmV0PgAKCRAkQ93r2VDR66JED/9j
SlDs2JPp7Iqd6GAsL3MZLbdNeOpwGfZgMjzy8Fl79leQknqhVeGJ97i4txvtiX9f
zAqDzLwUMOQIAn6hEaqjuFXR2IH19ywuyeMpljCX99FIomrPjW90mA7gkFN9P4gP
CsxaKZzGtq1dNIubV2/07pUp5SEAZUJQDI657u3zaRH2TBAnPCHv4gLhc/Ub4QEd
dF/3Z7gA7s1rkxY/e1cexfWA4x7JId5ex3QF8PDrRRmz+2V186aLAz2H/CxJx+QZ
FfdTgkj555BB88SsKMLzjrn8sNkYJePexIlKJ1CoQkRD6LKOLww4FiMLGQ6h+9Ve
hd4qNT078ce6oP7odyd+kh2Gjl6GABJQUiKQjcnyDsnCG/qX/uSvgEysMGHqhKVr
7Apgu0/bMi4svcUX9dCgXiNzImR8KsG9ZciAZSX9Gc3qLf7ngWa5F9+WH3WQAHcj
+Zjyn6fF3FUpniChQzrwnEovxK5fNn+4qyU+JJeRCz6WNFPba8++cn686s4DPXDJ
RiXacWb+ELhDYJMjSgvthzoWEXUtuciNtgI09Mq9p9NJGMghMkEmzbDhvJiPddyZ
MTeu3ATSXPNx44Lw2RLMdrfoaNkVIZ1rnmoIyNRcDZaBugVkyvcsW4aT3OU9RLJR
mO3vZDpPFZcUq+ekDRGKRxdaQ0yek7wYmbscF0v9tw==
=R+f0
-----END PGP SIGNATURE-----

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk