rustybird / corridor

Tor traffic whitelisting gateway
ISC License

Option to use corridor as host firewall rather than gateway? #3

Open adrelanos opened 10 years ago

adrelanos commented 10 years ago

There are good reasons for anonymity not to emit any non-Tor traffic while browsing with Tor. For example, correlation of torified and non-torified TLS HELLO gmt_unix_time: https://trac.torproject.org/projects/tor/ticket/8751

One could use Tails or Whonix in a VM. And corridor firewall could run on the host to forbid any non-Tor traffic.

Could you add such a feature please?

Or would you accept a patch implementing this feature? Would require some if/else magic.

rustybird commented 10 years ago

It's really easy actually, just run `iptables -I OUTPUT -j CORRIDOR` and boom, you're using corridor as a local firewall. (Only the logging is a bit unintuitive in this case and needs to be documented.) I've been meaning to integrate this feature for some time now, and will look into it over the next weeks.

adrelanos commented 10 years ago

And `net.ipv4.ip_forward` should not be enabled then?

rustybird commented 10 years ago

Yes, unless you're using corridor as both a local firewall and a gateway.
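
A check for the host-firewall setup discussed in this thread, added as an example and not code from corridor or from either commenter: it confirms that an unconditional jump to CORRIDOR is the first OUTPUT rule and that forwarding is off unless the machine is also a gateway. The function name `check_host_mode`, its arguments and the sample rule listings are constructed for illustration; requiring the jump to be the first rule is a stricter assumption than the thread states.

```shell
#!/bin/sh
# check_host_mode is a hypothetical helper, not part of corridor.
#   $1  text of `iptables -S OUTPUT`
#   $2  value of net.ipv4.ip_forward (0 or 1)
#   $3  "gateway" if this machine also forwards for other hosts (default: host)
# On a live system (as root):
#   check_host_mode "$(iptables -S OUTPUT)" "$(sysctl -n net.ipv4.ip_forward)"
check_host_mode() {
    rules=$1
    forward=$2
    role=${3:-host}

    # iptables evaluates rules in order, so anything listed ahead of the
    # jump is decided before the CORRIDOR chain sees the packet.
    # `-P` policy lines are skipped; only `-A OUTPUT` rules are considered.
    first=$(printf '%s\n' "$rules" | grep -e '^-A OUTPUT ' | head -n 1)
    case "$first" in
        '-A OUTPUT -j CORRIDOR') ;;
        '') echo "FAIL: OUTPUT has no rules, CORRIDOR is never reached"
            return 1 ;;
        *)  echo "FAIL: first OUTPUT rule is not an unconditional CORRIDOR jump: $first"
            return 1 ;;
    esac

    # Per the thread: forwarding stays off unless the box is also a gateway.
    if [ "$forward" != "0" ] && [ "$role" != "gateway" ]; then
        echo "FAIL: net.ipv4.ip_forward=$forward on a host-only setup"
        return 1
    fi

    echo "OK: OUTPUT jumps to CORRIDOR first, ip_forward=$forward, role=$role"
    return 0
}

# Constructed sample listings (not captured from a real machine).
GOOD_RULES='-P OUTPUT ACCEPT
-A OUTPUT -j CORRIDOR'

BYPASS_RULES='-P OUTPUT ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -j CORRIDOR'

# Demonstration on the constructed good case.
check_host_mode "$GOOD_RULES" 0
```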