Will Glynn:
> ... just tell them if they want to be secure that they shouldn't browse
> Freenet with anything other than 'less' if they want to remain anonymous.
Linux supports per-user firewall rules; these are trivially employed
to create a sandbox from which one may access freenet-downloaded
content with an incomparably higher degree of safety.
# Accept TCP packets destined for localhost:8888.
iptables -A OUTPUT -d localhost -p tcp --dport 8888 -m owner --uid-owner
freenet -j ACCEPT
# Drop everything else.
iptables -A OUTPUT -m owner --uid-owner freenet -j DROP
One should also disable HTTP inserts, which are another way to
divulge compromising information.
httpInserts=false
(Note that I've just checked in support for this. Feedback and fixes
are obviously welcome.)
_______________________________________________
devl mailing list
[EMAIL PROTECTED]
http://hawk.freenetproject.org:8080/cgi-bin/mailman/listinfo/devl
