On 01/26/2020 10:53 PM, Jim wrote:
> Forst wrote:
>> In that case, what would be the best approach to achieve that all traffic
>> is forced through Tor and direct internet connection blocked,
>> preferably even if/when the system is breached?
>
> Roger gave a good reply for the case where the system is not breached.
> But if your firewall is on the same system as the hidden service and an
> attacker gets root then nothing can save you since the attacker could
> alter the firewall at will. The only exception I can think of is
> SELinux *might* provide a mechanism to prevent this but I am not
> familiar with it.
>
> Jim
If you're that paranoid, you can use the Whonix model. Basically, run the Tor process and firewall on one machine, with requisite ports exposed on an isolated LAN. And run the web server on another machine, connected via that LAN. So nothing on that machine can see the Internet, except through Tor.

If you control physical access, it's most secure for those to be separate hardware. Otherwise, you can use KVM VMs. You can even run KVM VMs on some KVM VPS, although it's a little sluggish.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
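The Whonix-style split described in the reply above, as an added example that is not from the thread: a script that emits the gateway's torrc and an nftables ruleset so that the isolated LAN can reach nothing but Tor's own listeners and only the tor process can leave the gateway upstream. The interface names, the 10.152.152.0/24 addressing, the port numbers and the tor uid 107 are assumptions chosen for the example, not values from the post.

```shell
# Added example, not from the thread: emit the torrc and nftables ruleset for a
# Whonix-style Tor gateway. Assumed layout: eth0 faces the Internet, eth1 is the
# isolated LAN 10.152.152.0/24 (gateway .10, web server .11), tor runs as uid 107.
# Only the tor process may leave via eth0; the LAN reaches nothing but tor itself.
set -eu
EXT_IF=eth0; INT_IF=eth1; LAN=10.152.152.0/24; GW=10.152.152.10; WEB=10.152.152.11
TOR_UID=107   # assumed; check with: id -u debian-tor

gen_torrc() {
  printf '%s\n' \
    "TransPort $GW:9040" \
    "DNSPort $GW:5300" \
    "VirtualAddrNetworkIPv4 10.192.0.0/10" \
    "AutomapHostsOnResolve 1" \
    "HiddenServiceDir /var/lib/tor/web" \
    "HiddenServicePort 80 $WEB:80"
}

gen_nft() {
  cat <<EOF
flush ruleset
table inet torgw {
  chain input {
    type filter hook input priority 0; policy drop;
    iifname "lo" accept
    ct state established,related accept
    iifname "$INT_IF" ip saddr $LAN ip daddr $GW tcp dport 9040 accept
    iifname "$INT_IF" ip saddr $LAN ip daddr $GW udp dport 5300 accept
  }
  chain forward { type filter hook forward priority 0; policy drop; }
  chain output {
    type filter hook output priority 0; policy drop;
    oifname "lo" accept
    ct state established,related accept
    oifname "$EXT_IF" meta skuid $TOR_UID accept
    oifname "$INT_IF" meta skuid $TOR_UID ip daddr $WEB tcp dport 80 accept
  }
}
table ip torgw_nat {
  chain prerouting {
    type nat hook prerouting priority -100;
    iifname "$INT_IF" udp dport 53 redirect to :5300
    iifname "$INT_IF" tcp flags & (syn|ack) == syn redirect to :9040
  }
}
EOF
}
# Write both files into the directory given as $1; load on the gateway with: nft -f torgw.nft
gen_files() { gen_torrc > "$1/torrc"; gen_nft > "$1/torgw.nft"; }
```

Because the rules live on the gateway, root on the web server host cannot alter them, which is the point Jim raises about a firewall on the same machine.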