corridor
Option to use corridor as host firewall rather than gateway?
There are good reasons for anonymity not to emit any non-Tor traffic while browsing with Tor. For example, correlation of torified and non-torified TLS HELLO gmt_unix_time: https://trac.torproject.org/projects/tor/ticket/8751
One could use Tails or Whonix in a VM. And corridor firewall could run on the host to forbid any non-Tor traffic.
Could you add such a feature please?
Or would you accept a patch implementing this feature? Would require some if/else magic.
It's really easy actually, just run ~~iptables -I OUTPUT -j CORRIDOR~~ and boom, you're using corridor as a local firewall. (Only the logging is a bit unintuitive in this case and needs to be documented.) I've been meaning to integrate this feature for some time now, and will look into it over the next weeks.
And net.ipv4.ip_forward should not be enabled then?
Yes, unless you're using corridor as both a local firewall and a gateway.