For example, if we set the rule to exclude (or the equivalent IP address we get from dig +short), using the browser on the client should show me that tor is not anymore used. These domains should be forwarded from the client to the destination and directly connect to the destination as we have with a simple NAT/MASQUERADING situation. I would like to add ip tables rules to exclude certain domains from being routed through tor. Using the browser on the client (connected to wlan0) to reach shows that tor is used. A PREROUTING -i wlan0 -p udp -j REDIRECT -to-ports 9040Īll is working fine. A PREROUTING -i wlan0 -p udp -m udp -dport 53 -j REDIRECT -to-ports 9053 A PREROUTING -i wlan0 -p tcp -j REDIRECT -to-ports 9040 A OUTPUT -m state -state INVALID -j DROP A OUTPUT -m conntrack -ctstate INVALID -j DROP A FORWARD -p icmp -m icmp -icmp-type 0 -j ACCEPT A FORWARD -p icmp -m icmp -icmp-type 8 -j ACCEPT A FORWARD -m state -state INVALID -j DROP A INPUT -p icmp -m icmp -icmp-type 0 -j ACCEPT A INPUT -p icmp -m icmp -icmp-type 8 -j ACCEPT A INPUT ! -s 192.0.0.0/8 -i wlan0 -j LOG -log-prefix "SPOOFED PKT " A INPUT -m state -state RELATED,ESTABLISHED -j ACCEPT I'm running a tor router on a Raspberry Pi with following iptables rules ( wlan0: internal net with clients / wlan1: Internet): :INPUT DROP
0 kommentar(er)
