Version 43 (modified by karsten, 7 years ago)

Name changed from TheOnionRouter/BlockNonTorTrafficDebian to doc/BlockNonTorTrafficDebian

How to block all local outbound traffic except for Tor in Debian.

A few simple iptables commands can do this. Note that if you are connected over SSH, these commands will block you immediately! As root, enter:

# iptables -F OUTPUT
# iptables -A OUTPUT -j ACCEPT -m owner --uid-owner debian-tor
# iptables -A OUTPUT -j ACCEPT -o lo
# iptables -A OUTPUT -j ACCEPT -p udp --dport 123 
# iptables -P OUTPUT DROP
# iptables -L -v

The last command displays the packet counters: how many packets each rule has allowed through, and how many were dropped by the chain's default policy.

The only reason this is specific to Debian is the username, "debian-tor". (What user does Tor run as on other distros?)
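To confirm that the OUTPUT chain still holds exactly the rules above (for example after a reboot or after another tool has edited the firewall), the ruleset can be checked mechanically. The script below is an added example, not part of the original wiki page. It assumes the rule text comes from `iptables -S OUTPUT`, which prints the owner match as a numeric UID; the function names and the sample UID 107 are made up for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S OUTPUT` text against the page's ruleset.
# Usage: iptables -S OUTPUT | audit_output_chain "$(id -u debian-tor)"
# Returns 0 if the chain accepts only the expected traffic, 1 otherwise.
audit_output_chain() {
    tor_uid=$1      # numeric UID of the Tor user (iptables -S prints numbers)
    policy=""; tor_ok=0; bad=0
    while IFS= read -r rule; do
        case $rule in
            "-P OUTPUT "*)
                policy=${rule#-P OUTPUT } ;;
            "-A OUTPUT -m owner --uid-owner $tor_uid -j ACCEPT")
                tor_ok=1 ;;
            "-A OUTPUT -o lo -j ACCEPT")
                : ;;    # loopback, as on the page
            "-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT")
                : ;;    # UDP port 123, as on the page
            "-A OUTPUT "*)
                # Anything else was not in the page's ruleset: treat as a leak.
                echo "FAIL: unexpected rule: $rule"; bad=1 ;;
        esac
    done
    [ "$policy" = "DROP" ] || {
        echo "FAIL: OUTPUT policy is '${policy:-unknown}', expected DROP"; bad=1; }
    [ "$tor_ok" -eq 1 ] || {
        echo "FAIL: no ACCEPT rule for UID $tor_uid"; bad=1; }
    [ "$bad" -eq 0 ] && echo "OK: OUTPUT accepts only Tor (UID $tor_uid), lo and UDP/123"
    return "$bad"
}

# Constructed sample of `iptables -S OUTPUT` output; UID 107 is a placeholder.
sample_rules() {
    cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -m owner --uid-owner 107 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p udp -m udp --dport 123 -j ACCEPT
EOF
}

sample_rules | audit_output_chain 107
```

The iptables commands above filter IPv4 only, so IPv6 needs its own ruleset; the same check can be run on the output of `ip6tables -S OUTPUT`.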