[tor-talk] FreeBSD PF (firewall) ruleset

Lars Noodén lars.nooden at gmail.com
Tue Nov 12 08:24:13 UTC 2013


On 11/12/2013 05:38 AM, M C J wrote:
> I'm unable to connect to Tor with PF enabled. Without PF, Tor connects and
> runs fine (with Privoxy). Soon as PF is enabled, Tor will either disconnect
> if already running, or fail to connect if I try.
> 
> I've used a very basic pf.conf ruleset:
> 
> #######################
> block in all
> pass out all keep state
> #######################

Usually loopback is not filtered[1].  You could try adding this ahead of
the above two rules:

  set skip on lo0

If Tor is listening on an external interface, then you should just need
to open that particular port:

  pass in quick on $ext_if inet proto tcp to ( $ext_if ) port 8118

Otherwise, try logging blocked packets and see how it is trying to connect.

Regards,
/Lars

[1]	http://www.openbsd.org/faq/pf/filter.html
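
The loopback and logging suggestions from this reply combined into one ruleset, as an added example that is not part of the original message. The `log` keyword, the `pflog0` interface and the `pfctl`/`tcpdump` commands in the comments are standard PF usage; the file path and the rc.conf setting assume a stock FreeBSD install.

```conf
# /etc/pf.conf (added example, not from the original thread)

# Options must come before filter rules.
# Skip filtering on loopback so local connections (for example
# Privoxy talking to Tor on 127.0.0.1) are not subject to "block in all".
set skip on lo0

# Default-deny inbound. "log" copies every blocked packet to the
# pflog0 interface so the dropped traffic can be inspected.
block in log all

# Allow outbound traffic and keep state so replies are let back in.
pass out all keep state

# Check the syntax without loading:  pfctl -nf /etc/pf.conf
# Load the ruleset:                  pfctl -f /etc/pf.conf
# Watch blocked packets live:        tcpdump -n -e -ttt -i pflog0
# (assumes pflog is enabled, e.g. pflog_enable="YES" in /etc/rc.conf)
```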