On Thu, 24 Jul 2014 01:16:26 +0000 Jacob Appelbaum <ja...@appelbaum.net> wrote:
> This change may > require some UI changes for enabling access to the local network. I > suggest that such access is disabled by default. I agree, this is the inverse of something I wrote to the list about a while ago -- if the local network is mine, I want to make an exception and not send things through tor, and "local" may not necessarily mean "directly connected". My workaround for this is a little shell+awk script that patches the firewall rules. If the change that you suggest is imported it will break my script and I won't be able to manage my network from my computer running tor! To address this we need a marker in the firewall rules that says "local policy goes here" and then I can find out what rule number that is and insert local policy there. Blindly accepting traffic by virtue of it being to an RFC1918 address is silly though, especially when an important intended use of tails is running in an untrusted and possibly hostile environment. Best, -w
signature.asc
Description: PGP signature
_______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.