On 07/05/2016 01:34 AM, grarpamp wrote: > On 7/4/16, Mirimir <miri...@riseup.net> wrote: >> Yes, VMs are heavyweight. But iptables rules for this are pretty >> trivial. Drop everything (input, forward and output). Accept output on >> eth0 only for user debian-tor. Accept all output on tun0. > > Sure that big hammer approach works for many. > > But it's not trivial, or in some cases even possible, > if you need some combinations of... > a) anything less than the entire routing table captured to vpn > b) more than one tor and/or vpn instance running > c) point different apps at and/or through different things > d) etc
True. It's much more flexible. But it makes me nervous. This also makes me nervous: https://sourceforge.net/p/vpnchains/wiki/Home/. But on the other hand, it could readily be scripted to switch VPN "circuits". And it would be easier if VPN SOCKS5 proxies existed. > The ticket exists make those type of things more trivial ;) Got it :) -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
