A3sal0n / FalconGate

A smart gateway to stop cyber criminals - Sponsored by Falcon Guard
https://falconguard.cz
GNU General Public License v3.0
251 stars 59 forks

Allow users to disable Tor blocking if they use it for legit purposes #38

Closed A3sal0n closed 6 years ago

easy4MEr commented 7 years ago

Will disabling Tor blocking affect all devices, or are we gonna implement disabling only for specific devices?

A3sal0n commented 7 years ago

We could whitelist specific devices for Tor communication. This is the ideal setup.

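If we use a dedicated ipset list for the Tor IP addresses and another dedicated ipset whitelist for the allowed IPs, then we could configure an additional firewall rule like the one below:

```
# Accept forwarded traffic from whitelisted clients to known Tor addresses.
# --match-set is the current spelling of the deprecated --set option.
iptables -A FORWARD \
  -m set --match-set tor_whitelist src \
  -m set --match-set tor_addresses dst \
  -j ACCEPT
```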
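An added example, not part of the comment above or of FalconGate's code: one way to populate the two sets that the rule references, by generating `ipset restore` input. The set names come from the rule; the IP addresses are constructed, and filling a temporary `_new` set and swapping it in is an assumption of this sketch, chosen so the rule never matches against a half-loaded list.

```shell
#!/bin/sh
# Added example, not FalconGate code. It only prints `ipset restore` input.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;   # stray chars, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_set NAME IP...: print restore lines that fill NAME_new, swap it with
# NAME in one step, then discard the old contents. Invalid entries are
# skipped with a warning on stderr so one bad feed line cannot abort a load.
gen_set() {
    name=$1
    shift
    echo "create ${name} hash:ip family inet"
    echo "create ${name}_new hash:ip family inet"
    echo "flush ${name}_new"                # clear leftovers from a failed run
    for ip in "$@"; do
        if is_ipv4 "$ip"; then
            echo "add ${name}_new ${ip}"
        else
            echo "skipped invalid entry: ${ip}" >&2
        fi
    done
    echo "swap ${name}_new ${name}"
    echo "destroy ${name}_new"
}

# Constructed sample data: documentation-range addresses stand in for Tor
# relays (one deliberately malformed), and one LAN client may use Tor.
gen_set tor_addresses 192.0.2.10 198.51.100.7 999.1.1.1 203.0.113.44
gen_set tor_whitelist 192.168.1.50

# Load with:  sh this_script.sh | ipset -exist restore
# -exist tolerates sets that already exist, so repeated runs are safe.
```

Because the rule is appended with `-A FORWARD`, it only has an effect if it is evaluated before whatever rule blocks traffic to `tor_addresses`.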

A3sal0n commented 6 years ago

Finally done. This one really took a long time :)

Details in latest commit 012d69b8b3aa87aa3a74b7057e356c9523c11a5c