Hello. My iptables rules are as below:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -s 127.0.0.0/8 -d 127.0.0.0/8 -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with
On 12/12/2016 03:35 AM, Jason Long wrote:
> can anyone edit my rules and tell me what is my problem?
You asked "What is my problem? Why I can't use "obfs4" ?"
The problem, I think, is that you reject everything ...
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
... before allowing
On 12/12/2016 03:35 AM, Jason Long wrote:
> can anyone edit my rules and tell me what is my problem?
I'll look through them, later today.
If you install iptables-persistent, create an /iptables/test-rules.v4
rules file, and run `iptables-restore < /iptables/test-rules.v4`, the
app will tell you
Did you see my iptables rules? What is my problem?
On Sun, 12/11/16, Jonathan Marquardt <m...@parckwart.de> wrote:
Subject: Re: [tor-talk] Tor and iptables.
To: tor-talk@lists.torproject.org
Date: Sunday, December 11, 2016, 7:24 AM
On Su
can anyone edit my rules and tell me what is my problem?
On Monday, December 12, 2016 1:23 AM, Jonathan Marquardt
wrote:
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But
My iptables rules are:
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
-A INPUT -i lo -j ACCEPT
#-A INPUT -d 127.0.0.0/8 ! -i lo -j REJECT --reject-with icmp-port-unreachable
-A INPUT -m state --state RELATED,ESTABLISHED
On Mon, Dec 12, 2016 at 01:52:22AM -0700, Mirimir wrote:
> Sorry about missing the typo in my initial reply. It _was_ an invalid
> rule. But accepting lo is necessary with default deny, right?
Yes, sorry, you're right. My bad.
--
tor-talk mailing list - tor-talk@lists.torproject.org
To
On 12/12/2016 01:14 AM, Jonathan Marquardt wrote:
> On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
>> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
>> down Tor using Tor browser?
>
> Well, given the way OP phrased his question, I just assumed he wanted to
>
On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote:
> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock
> down Tor using Tor browser?
Well, given the way OP phrased his question, I just assumed he wanted to
prevent any unwanted input to his system, which is why I gave
On Mon, 12 Dec 2016 00:12:54 -0700
Mirimir wrote:
> > Also: "-A OUTPUT -i lo -j ACCEPT" is neither a valid rule, nor is it
> > necessary, since loopback traffic is already allowed at input and stateful
> > inspection is enabled both ways.
>
> Not valid? It works for me.
On Sun, Dec 11, 2016 at 11:33:23PM -0700, Mirimir wrote:
> On 12/10/2016 07:16 AM, Jason Long wrote:
> > Hello.
> > I like to close all INPUT connections via iptables but I like to use
> > TorBrowser, Then Which port(s) must be open?
> >
> > -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
> >
>
On 12/10/2016 07:16 AM, Jason Long wrote:
> Hello.
> I like to close all INPUT connections via iptables but I like to use
> TorBrowser, Then Which port(s) must be open?
>
> -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
>
>
> Is it enough? How about "INPUT"? Must I open any input port too?
>
On Sun, Dec 11, 2016 at 12:26:47PM +, Jason Long wrote:
> Excuse me, I must allow input to my system? It is so bad :(, I don't like to
> allow everyone.
This has nothing to do with Tor. It's just the general way how the IP protocol
works. Without allowing stateful input, you couldn't do any
Excuse me, I must allow input to my system? It is so bad :(, I don't like to
allow everyone.
On Sunday, December 11, 2016 2:44 AM, Jonathan Marquardt
wrote:
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful Inspection is used for this. Here's a complete
ruleset to accomplish what you asked for. All output is allowed, but no input,
except it belongs to some output your computer previously
Hello.
I like to close all INPUT connections via iptables but I like to use
TorBrowser, Then Which port(s) must be open?
-A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
Is it enough? How about "INPUT"? Must I open any input port too?
Thank you.
Tor can't connect and show me below error:
12/09/2016 17:41:40.300 [NOTICE] DisableNetwork is set. Tor will not make or
accept non-control network connections. Shutting down all existing connections.
12/09/2016 17:41:40.300 [NOTICE] Opening Socks listener on 127.0.0.1:9150
12/09/2016