OK, so I don't use standalone Tor browser, just in Whonix. And when I use Tor in Debian, I use iptables rules like:
*filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] -A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT -A INPUT -j DROP -A FORWARD -j DROP -A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT -A OUTPUT -j DROP COMMIT But, in a Debian VM running Tor browser, I found that the tor process is running as the login user. And so iptables is totally useless. However, it's apparently easy to start Tor browser as its own user, using Micah Lee's torbrowser-launcher.[0] Is that a prudent solution? 0) https://medium.com/@jamesmacwhite/running-the-tor-browser-on-kali-linux-the-proper-way-d33a38b54e96 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
