
#1 2025-01-06 17:51:16

Agripo6567
Member
Registered: 2024-12-17
Posts: 3

Are these iptables rules set up for working with the Tor Browser?

My configuration:
I'm using KDE as desktop environment.
I'm using the iptables rules from the following ArchWiki page without any modifications:

*nat
:PREROUTING ACCEPT [6:2126]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [17:6239]
:POSTROUTING ACCEPT [6:408]

-A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT -o lo -j RETURN
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -m owner --uid-owner "tor" -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--ipv4 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
--ipv4 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
--ipv4 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
--ipv6 -A INPUT -j REJECT
--ipv4 -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
--ipv6 -A OUTPUT -d ::1/8 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner "tor" -j ACCEPT
--ipv4 -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
--ipv6 -A OUTPUT -j REJECT
COMMIT

These rules enable Transparent Torification on my system by forcing outgoing connections through the TransPort (9040) or DNSPort (5353), and block anything they cannot torify.

My questions:
The ArchWiki page states:
"When a transparent proxy is used, it is possible to start a Tor session from the client as well as from the transparent proxy, creating a 'Tor over Tor' scenario."

Is this statement still true for the Tor Browser in the context of my current configuration? Will the Tor Browser be routed twice through the Tor network?

If not, how does the Tor Browser make its connection to the internet in this setup?

I am new to iptables, and the purpose of this post is to better understand how the iptables rules are working and affecting my system.

Thanks in advance!
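
An added example, not part of the original post or of the ArchWiki page: a small first-match model of the IPv4 nat and filter OUTPUT chains quoted above, tracing where a locally generated packet ends up. The user "alice", the helper names and all addresses are constructed; the second sample stands for any tor client started under an account other than "tor", which is the case the quoted ArchWiki sentence describes.

```python
import ipaddress
# IPv4 OUTPUT chains from the post, in order; every packet here opens a new connection.
NAT_OUTPUT = [
    ({"out_iface": "lo"}, "RETURN"),
    ({"dst_net": "192.168.0.0/16"}, "RETURN"),
    ({"owner": "tor"}, "RETURN"),
    ({"proto": "udp", "dport": 53}, "REDIRECT:5353"),
    ({"proto": "tcp", "syn": True}, "REDIRECT:9040"),
]
FILTER_OUTPUT = [
    ({"dst_net": "127.0.0.0/8"}, "ACCEPT"),
    ({"dst_net": "192.168.0.0/16"}, "ACCEPT"),
    ({"established": True}, "ACCEPT"),
    ({"owner": "tor"}, "ACCEPT"),
    ({}, "REJECT"),
]

def matches(cond, pkt):
    def ok(key, want):
        if key == "dst_net":
            return ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(want)
        return pkt.get(key) == want
    return all(ok(k, w) for k, w in cond.items())

def first_match(chain, pkt, policy):
    # iptables stops at the first rule whose conditions all match.
    return next((t for cond, t in chain if matches(cond, pkt)), policy)

def trace(pkt):
    """Return (nat target, filter target); nat RETURN means 'left untouched'."""
    nat = first_match(NAT_OUTPUT, pkt, "ACCEPT")
    if nat.startswith("REDIRECT:"):
        # REDIRECT in OUTPUT rewrites the destination to 127.0.0.1:<port>.
        pkt = dict(pkt, dst="127.0.0.1", dport=int(nat.split(":")[1]))
    return nat, first_match(FILTER_OUTPUT, pkt, "DROP")

# Constructed sample packets: user "alice" and all addresses are made up.
def p(owner, proto, dst, dport, out_iface="eth0"):
    return {"owner": owner, "proto": proto, "dst": dst, "dport": dport,
            "out_iface": out_iface, "syn": proto == "tcp"}

if __name__ == "__main__":
    for pkt in (p("tor", "tcp", "203.0.113.10", 9001),      # system tor daemon
                p("alice", "tcp", "203.0.113.10", 9001),    # tor client run by alice
                p("alice", "udp", "198.51.100.53", 53),     # DNS lookup
                p("alice", "udp", "203.0.113.10", 123),     # UDP that cannot be torified
                p("alice", "tcp", "127.0.0.1", 9150, "lo")):  # local SOCKS connection
        print(pkt["owner"], pkt["proto"], pkt["dst"], pkt["dport"], "->", trace(pkt))
```

Only the packet owned by "tor" leaves the machine unmodified; TCP from any other owner is handed to the TransPort, and non-DNS UDP falls through nat and is rejected by the filter table.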
