I have set up a transparent Tor proxy with the following pf ruleset:
https://paste.c-net.org/WharfSeasick
Most importantly, it routes all TCP and DNS traffic through the Tor network.

Now I want to have another rule for I2P bittorrent, meaning that there is a rule
for traffic that must be routed through I2P AND must be bittorrent traffic AND
doesn't go through Tor. I got the I2P and not-Tor part insofar as I established:

    pass out proto { tcp udp } user i2pd

but my problem is that I can't be sure whether this traffic is bittorrent or a
hypothetical attacker. Ideally, I thought, it would be to have a tag for
bittorrent like I have for DNS and TCP. A tag is no guarantee that traffic is
legit, but it would be an approximation.

If my understanding of tags is correct, it would be safer to assume traffic
tagged "bittorrent" is really bittorrent, as opposed to traffic only having a
certain port number. If I'm mistaken and tags aren't safer and more practical,
is there any other solution? Is there any way to make a rule to ensure traffic
passed out by this rule will be only bittorrent?

Thanks in advance
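For readers following this thread, here is an added pf.conf fragment (not from the poster's ruleset) showing how pf's tag/tagged mechanism actually behaves for the i2pd case. The interface name em0 and the tag name I2P_DIRECT are assumptions; the rest is standard pf syntax. The key point the fragment illustrates is that a tag is attached by whichever rule matched, so it can only carry the criteria that rule already had (owning user, protocol, interface); pf does no application-layer inspection, so a tag is never a classification of the payload as bittorrent.

```pf
# Added example, not the original poster's ruleset.
# Assumed: external interface em0, tag name I2P_DIRECT, local user i2pd.
ext_if = "em0"

# The match rule attaches the tag to every packet that satisfies its
# criteria. Those criteria are all pf knows: socket owner, protocol,
# direction, interface. Nothing here looks inside the payload.
match out on $ext_if proto { tcp udp } user i2pd tag I2P_DIRECT

# Default: nothing leaves $ext_if directly. The transparent Tor redirection
# in the existing ruleset (not reproduced here) is assumed to catch the
# rest of the host's traffic before it reaches this rule.
block out on $ext_if

# Only packets carrying the tag bypass the block. "quick" makes this the
# final decision for tagged packets. "log" writes each new state to pflog0,
# so tagged flows (and their peers) can be reviewed with tcpdump afterwards.
pass out quick log on $ext_if proto { tcp udp } tagged I2P_DIRECT keep state

# Note what this does and does not guarantee:
#  - traffic from any process running as user i2pd is tagged and passed,
#    whatever protocol it speaks; a compromised i2pd would be tagged too.
#  - traffic from other users is never tagged here, so it cannot use this
#    exit even if it uses the same ports.
# The tag therefore narrows "who may send", not "what is being sent".
```

The tagged flows can be inspected with `tcpdump -n -e -ttt -i pflog0`, which shows the rule number and the peer addresses for every logged state; comparing those peers against what i2pd is expected to talk to is the practical check that the tag itself cannot provide.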