Changes between Version 49 and Version 50 of doc/BlockNonTorTrafficDebian


Timestamp: Mar 31, 2018, 10:16:27 AM (12 months ago)
Author: Jaruga
Comment: Notice of new page

  • doc/BlockNonTorTrafficDebian

    v49 v50  
    1 = How to block all local outbound traffic except for Tor in Debian. =
    2 A few simple "iptables" commands can do this (note that if you are using SSH these will block you immediately!). As root, enter:
     1= Page Moved =
    32
    4 {{{
    5 # iptables -F OUTPUT
    6 # iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
    7 # iptables -A OUTPUT -j ACCEPT -o lo
    8 # iptables -A OUTPUT -j ACCEPT -p udp --dport 123
    9 # iptables -P OUTPUT DROP
    10 # iptables -L -v
    11 }}}
    12 The last command will display the number of packets that have been allowed through per rule or else dropped.
    13 
    14 The only reason this is specific to debian is the username, "debian-tor." (What user does tor run as on other distros?) Ubuntu also uses "debian-tor". On Gentoo it is just "tor", other none-debian based distros may also use this.
    15 
    16 **It should be noted that the line containing `iptables -A OUTPUT -j ACCEPT -p udp --dport 123` is used to allow outbound NTP connections that are not routed over tor.[[BR]]The line containing `iptables -A OUTPUT -j ACCEPT -o lo` is used to allow traffic over the loopback device and is completely safe.
     3These instructions have been made more widely applicable. Please see [https://trac.torproject.org/projects/tor/wiki/doc/BlockingNonTorTraffic Blocking all local outbound non-Tor traffic with iptables].
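
Review bot: The two-line replacement (v50 lines 1 and 3) drops both operational caveats that the v49 body carried: the warning on v49 line 2 that these rules block an active SSH session immediately, and the note on v49 line 16 that `-p udp --dport 123` lets NTP leave the host without being routed over Tor. Confirm that the linked BlockingNonTorTraffic page states both before this text goes away, or keep a one-sentence mention of them in the moved-page notice. As a style point, v50 line 3 hard-codes the full https://trac.torproject.org/projects/tor/wiki/... URL for a page on the same wiki; a Trac `[wiki:doc/BlockingNonTorTraffic ...]` link would survive a change of host or path.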