1. The standard tails livecd is just the normal tails os, the user enters
their bridges into vidalia, or however it ends up being supported in tails
2. This is simply a bridge firewall, for example a Tails livecd where
iptables is configured to be a transparent bridge firewall.
The user also enters their bridge IPs in here
The bridging firewall is simply iptables in bridge mode (no IP addresses
used) and is told to ONLY allow traffic going to and from the user
supplied bridge IP addresses
The attack surface for revealing a users IP is now reduced to being able
to exploit a vulnerability in iptables, these are *extremely* rare
compared to vulnerabilities in the end-user applications used, local
kernel exploits etc