[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Ports required for Tor and hidden services
On Sat, Jan 25, 2020 at 01:30:34PM +0000, Forst wrote:
> In that case, what would be best approach to achieve that all traffic is
> forced though Tor and direct internet connection blocked, preferably even
> if/when the system is breached?
Here are two approaches that are worth exploring:
(A) Set the iptables rules so only the tor process can get through
the firewall. This is how Tails does it, I believe. This way you're
firewalling based on what user is trying to make the connection, rather
than what destination they're trying to reach. More info at
https://tails.boum.org/contribute/design/Tor_enforcement/
(B) Pick a bridge that you know you like, and configure your Tor to
use that, and configure your firewall to only allow connections to
that bridge. More info on this approach at
https://lists.torproject.org/pipermail/tor-relays/2014-October/005541.html
https://lists.torproject.org/pipermail/tor-relays/2014-October/005544.html
("The best design we've been able to come up with is one that forces
you to be using Tor on your side, and only allows your traffic through
if it's coming from Tor.")
I guess there is also (C) do both.
--Roger
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk