[Freedombox-discuss] Dev: Sending All Traffic Over Tor?

Anders Jackson anders.jackson at gmail.com
Fri Mar 28 19:31:01 UTC 2014


On 28 Mar 2014 17:45, "James Valleroy" <james.valleroy at gmail.com> wrote:
>
> On Fri, Mar 28, 2014 at 12:21 PM, Nick Daly <nick.m.daly at gmail.com> wrote:
> > On Fri, Mar 28, 2014 at 10:02 AM, Nick Daly <nick.m.daly at gmail.com> wrote:
> >>
> >> Hi folks, since we now support running Tor bridges on boxes, is it
> >> time to send all the box's traffic over Tor?
> >
> > Since we now have a UI that we can use to configure settings, let's try
> > setting all traffic to go through Tor by default.  Users who don't want
> > this feature can selectively disable it.  To do that, we'll need a few
> > more infrastructure pieces in place:
> >
> > 1. iptables support (yet another cross-cutting concern).
>
> Just a note that iptables are currently being configured by this init script:
>
> https://github.com/petterreinholdtsen/freedombox-setup/blob/master/debian/freedombox-setup.proxy.init

Could we not use a proper firewall frontend so we don't need to manage all
rules to set up proper firewall rules for IPv4 and IPv6?  It's hard enough
to manage IPv4 properly, and then handling IPv6 on top of that isn't any
easier. Most attempts I have seen at doing that with IPv6 get it horribly wrong.
:-(

> It only sets up LAN / wifi routing and NAT currently.

And not properly, I think. Yes, it is hard to set up a proper firewall to
follow all the RFCs that you should know. Better to reuse what is coded into ufw,
shorewall etc.

No, I wouldn't have done it better myself. That is why I don't do it "natively"
any more.

/Anders