CJ transcribed 2.5K bytes: > > On 07/24/2014 03:54 PM, u wrote: > > CJ: > >> On 07/24/2014 01:23 PM, u wrote: > >>> Lunar: > >>>> CJ: > >>>>> Just a small announce (not sure if this is the right ML, sorry). > >>>>> I'm developing an Android app allowing to block all IP traffic, and > >>>>> force only selected app through Orbot. > >>>>> This is done because neither Orbot nor AFWall (or other free, opensource > >>>>> Android iptables managment interface) seem to be able to do thatâ > >>>> Orbot is free software. Isn't there a way to add the needed features > >>>> directly to it? > >>>> > >>>> Sorry if it's a naive question, I'm not very knowledgable regarding > >>>> Android. But I know that asking our users to install 3 different apps or > >>>> even more is not friendly. > >>> AFAIK this works in Orbot if you have a rooted Android device. > >> Not the "block all other output" part in fact :) > > That said, I am also interested in your answer to Lunar's question :) > > Why not contribute to Orbot instead? > > > > Cheers! > It's possible I push some pull-request later, yes. > But, as said in some previous email, I'm not really sure it's Orbot job > to set up firewallâ I rather prefer dedicated app for dedicated task â > Orbot main task is, for me, connecting to Tor networkâ Basically, this > just doesn't involve the firewall at all. > > But yeah, I know, users like "all-in-one apps" â who knows, once > torrific is ready (i.e. no more broken rules, no more bugs like "craps, > network's broken")â the devs may get some PR ;). > Torrific is also, for me, a way to play with android without annoying > other applications. > > To be honest, I'd rather contribute this function in AFWall than Orbot, > as it already is a firewall manager (and not a bad one). > > Cheers, > > C. I agree that this should be done outside Orbot, for several reasons that I'm not going to get dragged into again. And FWIW, Mike's blog post on Android security specifically recommends setting up DroidWall (a similar AOS iptables-based firewall app) with some bash scripts to log and deny all leaky traffic from Orbot. My primary concern would be regarding whether Torrific's iptables rules are applied ASAP after Orbot starts Tor, and I actually can't recommend anything there (short of building a new initramfs which enforces starting the firewall from there, early during the boot process). DroidWall already has a mechanism for running user-specified scripts at startup... Perhaps the most portable way to do what you're trying to do would be to add a similar script-sourcing mechanism to AFWall? Then you could simply maintain a repo of startup scripts which (hopefully) work for any Android firewall app which supports this mechanism. -- ââ isis agora lovecruft _________________________________________________________ GPG: 4096R/A3ADB67A2CDB8B35 Current Keys: https://blog.patternsinthevoid.net/isis.txt
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk