I'm setting up a Tor-based isolating proxy using the 'Anonymizing Middlebox'
iptables rules specified here:
https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
i.e.
iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports 9040
...and the INPUT, OUTPUT and FORWARD chains are left at the default. Would
there be any merit to also including the following rules?
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Or are they rendered unnecessary by my current setup?
Are there any other firewall rules that I should consider in order to improve
security and ensure that all traffic is torified?
Many thanks.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
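As an added example (not part of the original post or the linked wiki page), here is the combined ruleset the question asks about, emitted in iptables-restore format so the whole policy is applied atomically rather than rule by rule. It keeps the post's two REDIRECT rules and the proposed DROP policies, and adds the two things a default-DROP filter table would otherwise break on a middlebox: REDIRECTed packets are delivered locally, so INPUT has to admit them on the Tor ports, and the Tor daemon itself must be allowed to open new outbound connections (here via the owner match), while FORWARD DROP ensures nothing that was not redirected into Tor gets routed out. The interface name eth1, the Tor user debian-tor, and Tor listening with DNSPort 53 and TransPort 9040 are assumptions (the last is what the post's redirect targets imply).

```shell
#!/bin/sh
# Added example: generate the middlebox ruleset for iptables-restore.
# Assumed values (not from the post): LAN-facing interface and Tor's user.
INT_IF=eth1
TOR_UID=debian-tor

# Print the complete ruleset; apply with:  gen_ruleset | iptables-restore
gen_ruleset() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Rules from the post: redirect LAN DNS and new TCP connections into Tor
-A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports 9040
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# REDIRECT delivers the packets to this host, so INPUT must accept them
# on the ports Tor listens on (DNSPort 53, TransPort 9040)
-A INPUT -i $INT_IF -p udp --dport 53 -j ACCEPT
-A INPUT -i $INT_IF -p tcp --dport 9040 -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Only the Tor daemon may open new outbound connections; with OUTPUT DROP
# every other local process is cut off, which is the leak protection wanted
-A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
COMMIT
EOF
}
```

FORWARD stays at DROP with no exceptions: on an isolating middlebox any packet that is not redirected into Tor (non-SYN TCP, UDP other than DNS, ICMP) should be discarded, not routed.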