hello hello,
first i have to say i'm not a Tails member, i'm just a very long time
user and trainer for activists, and i've contributed very little in the
past 10 years.
Let me reply in your mail:
> […]
Specifically, I would like to know if disabling the firewall or making
changes to the IP tables is a permanent action or if these settings will
reset upon rebooting the system.
Disabling the firewall definitely has huge drawbacks if there are other
activities going on in the same usb stick, or if it has a persistent
storage.
But it should come back as normal after a reboot.
If your threat model brings a risk of a remote hacking of your USB
stick, then it might not be enough to reboot.
I am considering downloading the Monero
blockchain over clearnet (as I'm sure it would take days over Tor) and
want to ensure that I understand the implications of modifying these
settings. I don't want to do this if it is permanent as I was looking
for temporally doing so.
For your usecase, i would rather use Debian Live and store the data in
an encrypted USB stick (see
https://tails.net/doc/encryption_and_privacy/encrypted_volume), as you
don't seem to need the specific thing Tails offers: enforcing the use of
the Tor network.
Tails also tries to leave no trace behind, so depending on your threat
model, you may want to keep it with Tails, but a Debian Live would just
go through the clearnet and still allow you to follow the link above to
create a LUKS encrypted storage on a USB stick.
If you want to go the Tails way, you may use a fresh Tails with no
persistence, disable the firewall, do your download, save it on another
(encrypted) USB stick and reinstall Tails.
Disabling the firewall brings several risks, at least:
- Tor would not be enforced anymore during the session
- Incomming connections would not be blocked
- Network isolation between apps will no longer work
I'm sure there are other that just don't come to mind right now.
Additionally, I would appreciate your advice on whether it is safe to
disable or change firewall rules with administrative privileges for this
purpose, or if there are any potential risks involved.
You will *need* to set an admin password (
https://tails.net/doc/first_steps/welcome_screen/administration_password/ )
to be able to disable the firewall, and quite some knowledge in linux
network management (at least iptables, but probably also network namespaces)
Thank you for your assistance, and I look forward to your response.
I hope I could help a little :)
gagz
_______________________________________________
Tails-dev mailing list
[email protected]
https://www.autistici.org/mailman/listinfo/tails-dev
To unsubscribe from this list, send an empty email to
[email protected].
