Is it possible to firewall Tor traffic with a hardware firewall?
hikki at Safe-mail.net
Sat Oct 30 10:29:47 UTC 2010
To make side-channel attacks more difficult, especially for those who
don't use virtual machines to run their hidden services, I was thinking
about using a hardware firewall between the Tor computer and the Internet modem.
The hardware firewall can do IP-based blocking, meaning that you
can decide which IP addresses the Tor computer is allowed to connect to.
For example, adding custom entry nodes in Tor's config file and then putting
those IP addresses in the hardware firewall's rules so you can only
connect to those, and no other IP.
But there's a problem with doing this. Sometimes Tor needs to connect to a
directory server (if I've understood it right?) to update its directory list.
And it doesn't use your exclusive entry node list for that.
It seems, from the firewall's internal log, that it tries a lot of random
IPs for that. So eventually your Tor engine will stop working, or you
can't restart it, as long as the firewall blocks all outgoing traffic
except for your entry nodes' IP addresses.
Is there a way to make this possible, so you can IP filter your Tor
computer and lock its connections only to your entry nodes and directory servers?
Or is this impossible?
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
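One way to keep the firewall allow-list and Tor's own connection choices in step, as an added example that is not part of the original post and not code from the Tor project: generate the firewall rules and a torrc ReachableAddresses line from the same source data. Tor's manual documents ReachableAddresses (and the more specific ReachableORAddresses / ReachableDirAddresses, which default to it) as the list of address:port destinations the firewall permits, in ExitPolicy syntax; with it set, Tor restricts its own relay and directory-cache choices to that list instead of trying arbitrary caches that the firewall will then drop. Everything concrete below is assumed for illustration: the sample torrc, the documentation-range addresses used for guards and directory servers (they are placeholders, not real relays or directory authorities), the Tor host's LAN address, the default ORPort used when an entry names none, and a Linux box running iptables as the "hardware firewall" between the Tor computer and the modem.

```python
#!/usr/bin/env python3
"""Generate a matching allow-list for the firewall in front of a Tor host and
for Tor itself (ReachableAddresses), so that Tor never tries destinations the
firewall will drop.  Added example; not code from the original post or Tor."""
import ipaddress
import re

# Constructed sample torrc (not from the post).  One entry has an explicit
# port, one relies on the default ORPort, and one is a fingerprint that cannot
# be turned into a firewall rule without looking the relay up in the consensus.
SAMPLE_TORRC = """\
EntryNodes 192.0.2.10, 192.0.2.11:443, $ABCDEF0123456789ABCDEF0123456789ABCDEF01
StrictNodes 1
"""

DEFAULT_ORPORT = 9001   # assumption: used when an EntryNodes IP names no port
TOR_HOST = "10.0.0.5"   # assumption: LAN address of the Tor computer

# Directory servers the operator wants reachable, as (address, port).
# Constructed placeholders from a documentation range, NOT real directory
# authority addresses; the operator fills these in from their own setup.
DIR_SERVERS = [("198.51.100.1", 80), ("198.51.100.2", 9030)]

_IPV4_ENTRY = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?$")


def parse_entry_nodes(torrc_text):
    """Return (ip_entries, other_entries) from every EntryNodes line.

    ip_entries   : list of (ip, port) tuples, port filled with DEFAULT_ORPORT
    other_entries: fingerprints/nicknames, which carry no IP to firewall on
    (IPv4 only; IPv6 guards would need a separate entry form)
    """
    ip_entries, other = [], []
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = re.match(r"^EntryNodes\s+(.+)$", line, re.IGNORECASE)
        if not m:
            continue
        for item in (s.strip() for s in m.group(1).split(",")):
            if not item:
                continue
            em = _IPV4_ENTRY.match(item)
            if not em:
                other.append(item)
                continue
            ipaddress.IPv4Address(em.group(1))   # rejects e.g. 999.1.1.1
            port = int(em.group(2)) if em.group(2) else DEFAULT_ORPORT
            ip_entries.append((em.group(1), port))
    return ip_entries, other


def allowed_destinations(torrc_text, dir_servers):
    """Union of guard IPs and directory servers, de-duplicated, order kept."""
    ip_entries, _ = parse_entry_nodes(torrc_text)
    seen, out = set(), []
    for dest in ip_entries + list(dir_servers):
        if dest not in seen:
            seen.add(dest)
            out.append(dest)
    return out


def firewall_rules(destinations, tor_host=TOR_HOST):
    """iptables FORWARD rules for a Linux box between the Tor host and the
    modem: only the listed TCP destinations pass; replies to them are let
    back in; everything else from the Tor host is logged, then dropped."""
    rules = [
        "iptables -N TOR_OUT",
        "iptables -A FORWARD -d %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT" % tor_host,
        "iptables -A FORWARD -s %s -j TOR_OUT" % tor_host,
        "iptables -A TOR_OUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for ip, port in destinations:
        rules.append("iptables -A TOR_OUT -p tcp -d %s --dport %d -j ACCEPT" % (ip, port))
    rules.append('iptables -A TOR_OUT -j LOG --log-prefix "tor-blocked: "')
    rules.append("iptables -A TOR_OUT -j DROP")
    return rules


def reachable_addresses_line(destinations):
    """torrc line telling Tor it may only reach the same destinations.
    Uses the ExitPolicy-style syntax the tor manual documents for
    ReachableAddresses; the trailing 'reject *:*' makes the default explicit."""
    entries = ["%s:%d" % (ip, port) for ip, port in destinations]
    return "ReachableAddresses " + ", ".join(entries + ["reject *:*"])


if __name__ == "__main__":
    dests = allowed_destinations(SAMPLE_TORRC, DIR_SERVERS)
    _, unfirewallable = parse_entry_nodes(SAMPLE_TORRC)
    print("\n".join(firewall_rules(dests)))
    print(reachable_addresses_line(dests))
    for entry in unfirewallable:
        print("# no IP for %s: look it up in the consensus before trusting the rules" % entry)
```

Two caveats a practitioner would want. First, the allow-list has to contain at least one place Tor can fetch directory documents from: the guards themselves if they are directory caches, and the directory authorities if the client has no cached consensus at all, otherwise a restart from a cold state fails exactly as the post describes. Second, fingerprint-only EntryNodes entries give the firewall nothing to match on, which is why the script reports them separately rather than silently dropping them.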