[tor-talk] Tor and iptables.

Mirimir mirimir at riseup.net
Mon Dec 12 08:52:22 UTC 2016


On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
> 
> Well, given the way OP phrased his question, I just assumed he wanted to 
> prevent any unwanted input to his system, which is why I gave him a simple 
> ruleset which allows any output.

Right. But I'm more paranoid about restricting output, given that
phone-home malware is now a routine risk.

> If you want to filter output as well but allow Tor Browser to work, I see two 
> ways to accomplish that:
> 
> - Go with the separate user method: Create a separate user just to run Tor 
>   Browser and allow output for just this user. You could launch Tor Browser as 
>   this user using gksudo or kdesudo.

Thanks :)

> - Configure a bridge for Tor Browser to use and allow output to just this 
>   bridge filtering by IP address as well as port.

That seems more complicated.

Sorry about missing the typo in my initial reply. It _was_ an invalid
rule. But accepting lo is necessary with default deny, right?
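
The separate-user method from the quoted reply, combined with default deny and a loopback accept, written out as an iptables-restore ruleset. This is an added example, not part of the original message; the account name `torbrowser` and the function name `tor_user_ruleset` are assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops everything
# by default and lets only one dedicated account open outbound connections.
# "torbrowser" (used in the usage line below) is a hypothetical account name.

tor_user_ruleset() {
    user="$1"

    # Refuse anything that is not a plain account name, so the value
    # cannot smuggle extra rule text into the generated ruleset.
    case "$user" in
        ''|*[!a-z0-9_-]*)
            echo "invalid user name" >&2
            return 1
            ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner $user -j ACCEPT
COMMIT
EOF
}

# Usage (as root), checking the syntax first without loading it:
#   tor_user_ruleset torbrowser | iptables-restore --test
#   tor_user_ruleset torbrowser | iptables-restore
# IPv6 is filtered separately and needs its own ip6tables ruleset.
```

The loopback accept applies to every local account, so any local process can still reach listeners bound to 127.0.0.1, including the SOCKS port of the tor process that Tor Browser starts.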


