Rusty Bird
Rusty Bird
> `advertise the directory` sounds scary. True, but it doesn't actually happen unless an ORPort is also being advertised. > Perhaps as short term fix, the NoAdvertise flag should be...
corridor uses `SETCONF DirPort="127.0.0.1:9030 NoAdvertise"` now. It's still a hack, so I'm leaving this issue open.
> I tested corridor on a Debian host running Whonix KVM guests. Do I understand it right that you are using corridor as a host firewall? > LAN connections are...
@adrelanos: > I think I can interpret @rustybird's answer as "LAN connections are enabled by default" No, the CORRIDOR_FILTER chain does not distinguish between global and private or even localhost...
@HulaHoopWhonix: > iptables v1.6.0: Couldn't load target `CORRIDOR':No such file or directory It is called CORRIDOR_FILTER now (not CORRIDOR). But again, the original rule was too aggressive anyway, so try...
> - Qubes missing service warning still shows ? > - all outgoing connections (including Tor connections) on host and whonix are blocked. Does the corridor_relays ipset get populated? Try...
> **ipset:** > > sudo ipset list corridor_relays > Name: corridor_relays > Type: hash:ip,port > Revision: 5 > Header: family inet hashsize 64 maxelem 65536 > Size in memory: 128...
> > by explicitly adding an iptables rule that allows traffic for the host's tor daemon > > I think that's the way to go. Can you please include this...
Maybe monkey-patching via Mozilla AutoConfig - like https://github.com/girst/LegacyFox - could bridge the gap until the MailExtension rewrite?
> a quick gh comparison suggests there are 55 missing issues 12 of those appear to be fine (#1687 #1893 #1894 #1898 #2187 #2481 #2659 #3170 #3513 #4923 #5035 #5063),...