add IPtables chain for outgoing Tor traffic
author Peter Müller <peter.mueller@ipfire.org>
Mon, 11 Mar 2019 20:07:00 +0000 (20:07 +0000)
committer Michael Tremer <michael.tremer@ipfire.org>
Thu, 14 Mar 2019 13:15:38 +0000 (13:15 +0000)
commit 5fc5f703470b37b43e18be66da0fb181696428a7
tree 5b96b4e1493a11bf943ab67ef81d2ed429ddee17
parent 4680d554fc52813b9e2a1bae3888d0b34dfbb5ad

If Tor is operating in relay mode, it has to open a lot of outgoing
TCP connections. These should be separated from any other outgoing
connections, as allowing _all_ outgoing traffic will be unwanted and
risky in most cases.

Therefore, Tor will be running as a dedicated user (see second patch),
allowing usage of user-based IPtables rulesets.

Partially fixes #11779.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
src/initscripts/packages/tor
src/initscripts/system/firewall
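
The user-based ruleset the commit message describes can be sketched as follows. This is an added example, not the code from this commit or from IPFire: the chain name `TOR_OUTPUT_EXAMPLE` and the account passed in are assumptions, and it assumes an existing rule already accepts established connections.

```shell
#!/bin/sh
# Added example, not IPFire's code. TOR_OUTPUT_EXAMPLE and the account
# given on the command line are hypothetical names for illustration.

# Print an iptables-restore fragment that accepts NEW outgoing TCP
# connections only when the local socket belongs to the given user.
# $1 = account name or numeric UID, $2 = chain name (optional)
tor_output_rules() {
    user=$1
    chain=${2:-TOR_OUTPUT_EXAMPLE}

    case $user in
        ''|*[!0-9]*)
            # Resolve names to a numeric UID up front so an unknown
            # account fails here instead of at rule load time.
            uid=$(id -u "$user" 2>/dev/null) || {
                echo "unknown user: $user" >&2
                return 1
            }
            ;;
        *)
            uid=$user
            ;;
    esac

    # A relay running as root would turn the owner match into
    # "allow everything root sends", which defeats the separation.
    if [ "$uid" -eq 0 ]; then
        echo "refusing to emit an allow rule for UID 0" >&2
        return 2
    fi

    # The owner match is only valid on locally generated traffic,
    # so the chain is hooked into OUTPUT.
    cat <<EOF
*filter
:$chain - [0:0]
-A OUTPUT -j $chain
-A $chain -p tcp -m conntrack --ctstate NEW -m owner --uid-owner $uid -j ACCEPT
COMMIT
EOF
}

# Stand-alone use: ./script <user-or-uid> [chain]
if [ "$#" -gt 0 ]; then
    tor_output_rules "$@"
fi
```

The output can be checked with `iptables-restore --noflush --test` before it is loaded; traffic from every other UID still falls through to the remaining OUTPUT rules and policy.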