On 12/12/2016 01:14 AM, Jonathan Marquardt wrote: > On Mon, Dec 12, 2016 at 12:12:54AM -0700, Mirimir wrote: >> Oops. Sorry. I'm used to straight Tor and Whonix. So how does one lock >> down Tor using Tor browser? > > Well, given the way OP phrased his question, I just assumed he wanted to > prevent any unwanted input to his system, which is why I gave him a simple > ruleset which allows any output.
Right. But I'm more paranoid about restricting output, given that phone-home malware is now a routine risk. > If you want to filter output as well but allow Tor Browser to work, I see two > ways to accomplish that: > > - Go with the seperate user method: Create a seperate user just to run Tor > Browser and allow output for just this user. You could launch Tor Browser > as > this user using gksudo or kdesudo. Thanks :) > - Configure a bridge for Tor Browser to use and allow output to just this > bridge filtering by IP adress as well as port. That seems more complicated. Sorry about missing the typo in my initial reply. It _was_ an invalid rule. But accepting lo is necessary with default deny, right? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk