On Thursday 2 June, 2011 14:50:44 Martin Fick wrote:
> --- On Thu, 6/2/11, cac...@quantum-sci.com <cac...@quantum-sci.com> wrote:
>
> > For those interested, so far my best idea is running the
> > daemon in a VirtualBox VM running SELinux as guest, and
> > bridged to the outside. This should substantially
> > solve most problems except membership in the local
> > LAN.
>
> I don't think that this would make for a best practice,
> I think that a linux lxc should be encouraged instead,
> it is way more efficient.

I looked at containers in depth. They are simply not secure.

On Thursday 2 June, 2011 14:50:44 Martin Fick wrote:
> As for isolation, I think that a best practice
> should use iptable rules. But if you want to
> go the cheap hardware route, buy a $5/15 nic
> and add it to your box and plug that nic into
> your modem's DMZ port, most of them have one.

Goes without saying (although I should have said it), iptables for sure, blocking everything in and out except what is absolutely needed. I use a fine firewall called Shorewall, developed a couple blocks away from me actually.

Most ppl have consumer-grade routers; no DMZ port. Wish there was...

_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk