* on the Wed, Aug 19, 2009 at 02:00:01AM -0400, Ringo wrote:
> One problem I've continually run into while trying to set up a secure tor
> virtual machine for browsing is that I have to allow it access to
> localhost (to connect to Tor). Is there a way in iptables to say "deny
> localhost access to all local ports except xyz" or even better say "deny
> user access to all local ports except xyz"
>
> Thanks for any help people can offer,

I prevent all users other than root from connecting to the Tor Control port
with an iptables rule which looks like this:

    iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT

You should be able to modify that for your own purposes.

-- 
Erilenz
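
Added example, not part of the original thread: one way to turn the rule above into the per-user allowlist the question asks for ("deny user access to all local ports except xyz"). The function name lo_allowlist_rules, the user "browser" and port 9050 are assumptions chosen for illustration; the script only prints the rules so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that let one local
# user reach only the listed TCP ports on loopback.
# lo_allowlist_rules, "browser" and 9050 are hypothetical names/values.

lo_allowlist_rules() {
    user=$1
    [ -n "$user" ] && [ $# -ge 2 ] || {
        echo "usage: lo_allowlist_rules USER PORT [PORT...]" >&2
        return 2
    }
    shift
    # The output is meant to be fed to a root shell, so refuse anything
    # in the user name that a shell could interpret.
    case $user in
        *[!A-Za-z0-9_.-]*) echo "bad user name: $user" >&2; return 2 ;;
    esac
    # Validate every port before printing, so a typo never yields a
    # partial rule set.
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;;
        esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
            echo "port out of range: $port" >&2
            return 2
        }
    done
    # ACCEPT rules come first: iptables stops at the first matching rule.
    for port in "$@"; do
        echo "iptables -A OUTPUT -o lo -p tcp --dport $port -m owner --uid-owner $user -j ACCEPT"
    done
    # Everything else this user sends over loopback, any protocol, is
    # rejected. The owner match only sees locally generated packets,
    # which is why the rules live in the OUTPUT chain.
    echo "iptables -A OUTPUT -o lo -m owner --uid-owner $user -j REJECT"
}

# Constructed sample: user "browser" may reach only port 9050 on localhost.
lo_allowlist_rules browser 9050
```

Because the rules are appended with -A, any earlier ACCEPT rule in OUTPUT that already matches loopback traffic still wins; check the existing chain with iptables -L OUTPUT -n --line-numbers first.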