MondayMorning

Block all traffic except TOR traffic - Making sure nothing is sent insecurely


Hey there

 

I am looking to achieve a secure encrypted computer so that when I connect through open wireless hotspots everything is encrypted and traffic is allowed only through TOR. Basically all that I am looking to achieve is that only TOR will be able to access the outside world. I would like to guarantee that on the Firewall level which is more secure than other techniques.

 

What I went about doing is

Going to Network packages and add 2 rules:

First : Block Any Network Activity

Second: Allow any Network activity from 127.0.0.1

 

Basically I thought that would be enough to achieve what I am looking for. Unfortunately, I see TOR is unable to access the internet and build a secure channel. So I went further and created 3 rules which are application based:

Privoxy.exe - Allow any network activity

Tor.exe - Allow any network activity

Vidalia.exe - Allow any network activity

 

So it goes like in this order:

 

BLOCK Any Network Activity (This makes sure beyond doubt everything is first blocked)

ALLOW Any Network Activity from 127.0.0.1

ALLOW Any Network Activity from application Privoxy.exe

ALLOW Any Network Activity from application Tor.exe

ALLOW Any Network Activity from application Vidalia.exe

 

I thought that should do the trick but it doesn't! It should be very simple, but I cannot browse the internet because TOR simply cannot build the nodes.

 

Any help is appreciated.


Hello Lucian.

 

I don't understand what you mean. How can I move application rules to be before Packet Rules?

 

I attached a snapshot of my rules, can you please tell me what I should do?

 

Thank you very much

[Attachment: post-149569-1233233921_thumb.jpg (snapshot of the rules)]

You messed up the rules: you are not allowing packet-level outgoing TCP and UDP streams (which means for every application), just incoming. You have to also allow outgoing packets/streams. Create the two packet rules allowing outgoing traffic, set them to "According to application rules", go to the programs tab, right-click the network access column for each group and set it to deny. Afterwards look for Tor and the other applications you want to allow and set it to allow.

 

Hi Lucian,

 

When you said I messed up the rules, do you mean (SEE 1ST ATTACHED IMAGE) these two lines should be omitted? That is very strange for me, since I didn't put these 2 rules in there myself. They were just there, never touched them. And they have been there for months with absolutely no problem at all with any program or any internet connection. So how come the system worked fine? I'm puzzled.

 

So you mean I have to delete these two lines (which were there by default) and put in the 2 rules for the outgoing traffic? So it would look like the second picture I attached (SEE 2ND ATTACHED IMAGE).

 

I appreciate your look into it.

 

[Attachment: post-149569-1233358499_thumb.jpg (1st attached image)]

[Attachment: post-149569-1233358541_thumb.jpg (2nd attached image)]

No, don't delete any more rules. Add two "any outgoing TCP" and "any outgoing UDP" rules above the two "any incoming UDP/TCP" rules, and set them to "according to application rules". Afterwards go to the program tab and do what I said in the other post.

 

Thanks a lot!

That seems to do the trick
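The following is a small first-match rule simulator added here as an illustration of why the original ordering failed and why Lucian's ordering works; it is not code from this thread or from any vendor's firewall. It models the packet-rule table (checked top-down, first match wins) where an "according to application rules" entry defers to a per-program table whose unlisted programs get the group default. The dataclasses, rule names, program names, IP addresses and sample flows are all constructed for the example.

```python
"""
First-match firewall rule simulator (constructed illustration, not vendor code).

Packet rules are checked top-down and the first match wins.  A packet rule
whose action is DEFER hands the decision to the per-application table, where
an unlisted program gets app_default (the "set the group to deny" step).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

ALLOW = "allow"
BLOCK = "block"
DEFER = "according to application rules"


@dataclass(frozen=True)
class Flow:
    app: str          # process owning the socket, e.g. "tor.exe" (constructed)
    direction: str    # "out" or "in"
    proto: str        # "tcp" or "udp"
    remote: str       # remote IP address


@dataclass(frozen=True)
class PacketRule:
    name: str
    action: str
    direction: Optional[str] = None   # None matches any direction
    proto: Optional[str] = None       # None matches any protocol
    remote: Optional[str] = None      # None matches any remote address

    def matches(self, f: Flow) -> bool:
        return ((self.direction is None or self.direction == f.direction)
                and (self.proto is None or self.proto == f.proto)
                and (self.remote is None or self.remote == f.remote))


def decide(flow: Flow, packet_rules: List[PacketRule], app_rules: Dict[str, str],
           app_default: str = BLOCK) -> Tuple[str, str]:
    """Return (verdict, reason) for one flow under a packet table plus app table."""
    for rule in packet_rules:
        if rule.matches(flow):
            if rule.action == DEFER:
                verdict = app_rules.get(flow.app, app_default)
                return verdict, f"{rule.name} -> application rule for {flow.app}"
            return rule.action, rule.name
    return BLOCK, "no packet rule matched"   # assumption: unmatched traffic is dropped


def leaks(packet_rules, app_rules, flows, app_default=BLOCK, tor_app="tor.exe"):
    """Flows that would reach a non-loopback host without going through Tor."""
    return [f for f in flows
            if f.app != tor_app and f.remote != "127.0.0.1"
            and decide(f, packet_rules, app_rules, app_default)[0] == ALLOW]


# The ordering from the first post: a catch-all block at the very top.
OP_PACKET_RULES = [
    PacketRule("Block any network activity", BLOCK),
    PacketRule("Allow any from 127.0.0.1", ALLOW, remote="127.0.0.1"),
]
OP_APP_RULES = {"privoxy.exe": ALLOW, "tor.exe": ALLOW, "vidalia.exe": ALLOW}

# Lucian's ordering: outgoing TCP/UDP defer to the app table, which denies
# everything except Tor.  Loopback is allowed first so the browser can still
# reach the local proxy even though it is not allowed out itself.
FIXED_PACKET_RULES = [
    PacketRule("Allow loopback", ALLOW, remote="127.0.0.1"),
    PacketRule("Any outgoing TCP", DEFER, direction="out", proto="tcp"),
    PacketRule("Any outgoing UDP", DEFER, direction="out", proto="udp"),
]
FIXED_APP_RULES = {"tor.exe": ALLOW}   # every other program falls to app_default

# Constructed sample flows; 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_FLOWS = [
    Flow("tor.exe", "out", "tcp", "198.51.100.7"),      # Tor connecting to a relay
    Flow("firefox.exe", "out", "tcp", "127.0.0.1"),     # browser -> local Privoxy
    Flow("firefox.exe", "out", "tcp", "198.51.100.7"),  # browser bypassing the proxy
    Flow("firefox.exe", "out", "udp", "192.0.2.53"),    # direct DNS lookup
]


def main() -> None:
    for label, prules, arules in (("original", OP_PACKET_RULES, OP_APP_RULES),
                                  ("corrected", FIXED_PACKET_RULES, FIXED_APP_RULES)):
        print(f"== {label} ordering ==")
        for f in SAMPLE_FLOWS:
            verdict, why = decide(f, prules, arules)
            print(f"{f.app:12} {f.direction} {f.proto} {f.remote:14} -> {verdict:5} ({why})")
        print("leaks:", leaks(prules, arules, SAMPLE_FLOWS))
    print("leaks if the program group is left on allow:",
          leaks(FIXED_PACKET_RULES, FIXED_APP_RULES, SAMPLE_FLOWS, app_default=ALLOW))


if __name__ == "__main__":
    main()
```

Running it shows the two things the thread turns on: with a catch-all block as the first packet rule, every flow (including Tor's and even loopback) matches it and the application rules are never consulted, while with the outgoing rules deferring to the application table only `tor.exe` reaches the outside and the browser's direct TCP and DNS attempts are dropped. The last line demonstrates why the "set the group to deny" step matters: with the group left on allow, the same packet rules let the browser's direct connections through. The two pre-existing incoming rules the thread keeps are left out of the model because the question concerns outgoing traffic; note too that the local proxy only needs loopback, so it need not be granted outside access at all.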
