Hello. My iptables rules are as below:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreacha
On 12/12/2016 03:35 AM, Jason Long wrote:
> can anyone edit my rules and tell me what is my problem?
You asked "What is my problem? Why I can't use "obfs4" ?"
The problem, I think, is that you reject everything ...
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
... before allowing Tor
On 12/12/2016 03:35 AM, Jason Long wrote:
> can anyone edit my rules and tell me what is my problem?
I'll look through them, later today.
If you install iptables-persistent, create an /iptables/test-rules.v4
rules file, and run `iptables-restore < /iptables/test-rules.v4`, the
app will tell you
Did you see my iptables rules? What is my problem?
On Sun, 12/11/16, Jonathan Marquardt wrote:
Subject: Re: [tor-talk] Tor and iptables.
To: tor-talk@lists.torproject.org
Date: Sunday, December 11, 2016, 7:24 AM
On Sun, Dec 11, 2016 at
12:26
can anyone edit my rules and tell me what is my problem?
On Monday, December 12, 2016 1:23 AM, Jonathan Marquardt
wrote:
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But accepting lo is necessary
My iptables rules are:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
-A INPUT -i lo -j ACCEPT
#-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED -j
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But accepting lo is necessary with default deny, right?
Yes, sorry, you're right. My bad.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscrib
On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
>
> Well, given the way OP phrased his question, I just assumed he wanted to
> prev
On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
> down Tor using Tor browser?
Well, given the way OP phrased his question, I just assumed he wanted to
prevent any unwanted input to his system, which is why I gave hi
On Mon, 12 Dec 2016 00:12:54 -0700
Mirimir wrote:
> > Also: "-A OUTPUT -i lo -j ACCEPT" is neither a valid rule, nor is it
> > necessary, since loopback traffic is already allowed at input and stateful
> > inspection is enabled both ways.
>
> Not valid? It works for me. And by default, I drop
On 12/11/2016 11:44 PM, Jonathan Marquardt wrote:
> On Sun, Dec 11, 2016 at 11:33:23PM -0700, Mirimir wrote:
>> On 12/10/2016 07:16 AM, Jason Long wrote:
>>> Hello.
>>> I like to close all INPUT connections via iptables but I like to use
>>> TorBrowser, Then Which port(s) must be open?
>>>
>>> -A
On Sun, Dec 11, 2016 at 11:33:23PM -0700, Mirimir wrote:
> On 12/10/2016 07:16 AM, Jason Long wrote:
> > Hello.
> > I like to close all INPUT connections via iptables but I like to use
> > TorBrowser, Then Which port(s) must be open?
> >
> > -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
> >
> >
On 12/10/2016 07:16 AM, Jason Long wrote:
> Hello.
> I like to close all INPUT connections via iptables but I like to use
> TorBrowser, Then Which port(s) must be open?
>
> -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
>
>
> Is it enough? How about "INPUT"? Must I open any input port too?
>
>
On Sun, Dec 11, 2016 at 12:26:47PM +, Jason Long wrote:
> Excuse me, I must allow input to my system? It is so bad :(, I don't like to
> allow everyone.
This has nothing to do with Tor. It's just the general way how the IP protocol
works. Without allowing stateful input, you couldn't do any
Excuse me, I must allow input to my system? It is so bad :(, I don't like to
allow everyone.
On Sunday, December 11, 2016 2:44 AM, Jonathan Marquardt
wrote:
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful Inspection is used for t
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful Inspection is used for this. Here's a complete
ruleset to accomplish what you asked for. All output is allowed, but no input,
except it belongs to some output your computer previously d
Tor can't connect and show me below error:
12/09/2016 17:41:40.300 [NOTICE] DisableNetwork is set. Tor will not make or
accept non-control network connections. Shutting down all existing connections.
12/09/2016 17:41:40.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150
12/09/2016 17:41:42.1
Hello.
I like to close all INPUT connections via iptables but I like to use
TorBrowser, Then Which port(s) must be open?
-A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
Is it enough? How about "INPUT"? Must I open any input port too?
Thank you.