Opened 4 years ago

Last modified 7 months ago

#13184 accepted enhancement

Add an option to whitelist networks

Reported by: dgoulet
Owned by: dgoulet
Priority: Medium
Milestone:
Component: Core Tor/Torsocks
Version:
Severity: Normal
Keywords:
Cc:
Actual Points:
Parent ID:
Points:
Reviewer:
Sponsor:

Description

This warning is possible for any socket trying to connect to a localhost address.

WARNING torsocks[12360]: [connect] Connection to a local address are denied since it might be a TCP DNS query to a local DNS server. Rejecting it for safety reasons. (in tsocks_connect() at connect.c:177)

We should implement a whitelist mechanism so the user can tell which local network is allowed, such as localhost.

Change History (4)

comment:1 Changed 4 years ago by lunar

Could we also allow whitelisting by specific IP+port? In the use case of a local DNS server that routes all requests through Tor, it's only a single port that needs to be whitelisted.

comment:2 Changed 4 years ago by dgoulet

Absolutely, it's a good idea!

I'm thinking of adding an option to the config file that could look like this:

# Allow to connect to this network and possible port.
AllowedNetwork <NET>[:PORT]
# Allow connection to a specific IP and possible port.
AllowedIP <IP>[:PORT]

Nothing final for the naming, but I think it could make sense to have both, which of course would support IPv4 and v6.
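
A sketch of how entries in the proposed `<NET>[:PORT]` / `<IP>[:PORT]` form could be parsed and matched against a destination, added here as an example and not torsocks code. It assumes CIDR notation for networks and square brackets around IPv6 addresses (the ticket fixes neither); `allow_entry`, `parse_num`, `allow_parse` and `allow_check` are hypothetical names.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical parsed entry (not a torsocks type); port 0 means any port. */
struct allow_entry { int family, prefix, port; unsigned char addr[16]; };

/* Decimal in [0, max] at *p, advancing *p; -1 if no digits or too large. */
static int parse_num(const char **p, long max)
{
    char *end = NULL;
    long v = isdigit((unsigned char)**p) ? strtol(*p, &end, 10) : -1;
    if (v < 0 || v > max) return -1;
    *p = end;
    return (int)v;
}

/* Parse "ADDR[/PREFIX][:PORT]" (IPv6 ADDR in brackets); 0 on success. */
int allow_parse(const char *p, struct allow_entry *e)
{
    char host[64];
    int v6 = (*p == '[');
    const char *h = p + v6;
    size_t n = strcspn(h, v6 ? "]" : "/:");
    if (n >= sizeof(host) || (v6 && h[n] != ']')) return -1;
    memcpy(host, h, n);
    host[n] = '\0';
    p = h + n + v6;                       /* step past the closing bracket */
    *e = (struct allow_entry){ v6 ? AF_INET6 : AF_INET, v6 ? 128 : 32, 0, {0} };
    /* An empty prefix must fail: "127.0.0.1/" read as /0 would allow everything. */
    if (*p == '/') { p++; if ((e->prefix = parse_num(&p, e->prefix)) < 0) return -1; }
    if (*p == ':') { p++; if ((e->port = parse_num(&p, 65535)) < 1) return -1; }
    if (*p != '\0') return -1;            /* trailing junk */
    return inet_pton(e->family, host, e->addr) == 1 ? 0 : -1;
}

/* 1 if dest:port is inside entry, 0 if not, -1 if either string is malformed. */
int allow_check(const char *entry, const char *dest, int port)
{
    struct allow_entry e;
    unsigned char a[16], m;
    int family = strchr(dest, ':') ? AF_INET6 : AF_INET;
    if (allow_parse(entry, &e) != 0 || inet_pton(family, dest, a) != 1) return -1;
    if (family != e.family || (e.port && e.port != port)) return 0;
    m = (unsigned char)(0xff << (8 - e.prefix % 8));   /* mask for a partial byte */
    if (memcmp(a, e.addr, (size_t)(e.prefix / 8)) != 0) return 0;
    return e.prefix % 8 == 0 || ((a[e.prefix / 8] ^ e.addr[e.prefix / 8]) & m) == 0;
}
```

An entry matches only destinations of its own address family, so an IPv4 entry does not cover `::ffff:127.0.0.1`, and a malformed entry is rejected rather than widened.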

comment:3 Changed 2 years ago by dgoulet

Status: new → accepted

Accept a bunch of tickets for torsocks.

comment:4 Changed 7 months ago by teor

Severity: Normal

Set all open tickets without a severity to "Normal"
