adev@???:
> I think since tails now supports bridges and obfsproxy, then someone
> one day may implement a hardened firewall cd that runs in front of
> tails, and allows only traffic to the bridges the user has
> specified.
>
> This would stop an attacker from learning the tails machine's real IP
> even if they gained root on the machine, unless they could use a
> *rare* exploit against iptables or pf on the firewall machine (or
> some other attack). A multi machine setup may be less coding work
> for developers than setting up virtualization, and be more secure.
What you describe was sometimes called a bridge firewall. I
considered creating something like this and putting it in front of
Whonix-Gateway. (To make a two machine system perhaps an optional
three machine system.)
Unfortunately, it turned out that once the Tor process has been
compromised, the external IP is also compromised because Tor knows it.
I documented this and a few other aspects of such a bridge firewall:
https://trac.torproject.org/projects/tor/wiki/doc/TorifyHOWTO/BridgeFirewall
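As an added illustration of the bridge firewall idea discussed above (this script is not part of the thread and not from the Tails or Whonix projects), the following POSIX shell function emits an iptables-restore ruleset for a dedicated firewall box that sits between the Tor client machine on one interface and the Internet on another. The FORWARD chain defaults to DROP and only TCP to the operator-supplied bridge IP:port pairs is allowed out, so a compromised client OS cannot reach anything else directly. The interface names and the bridge addresses in the usage line are placeholders; the NAT/masquerade rules the box would also need are left out to keep the filter logic visible. As the reply notes, this does not help once the Tor process itself is compromised, since Tor already knows the external address.

```shell
#!/bin/sh
# Added example (not from the thread): generate an iptables-restore ruleset
# for a dedicated firewall box in front of a Tails/Whonix machine.
# LAN_IF faces the Tor client, WAN_IF faces the Internet. Both names are
# placeholders; override them in the environment.

LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"

# bridge_firewall_rules "IP:PORT" ["IP:PORT" ...]
# Prints a complete filter-table ruleset to stdout; nothing is applied here.
bridge_firewall_rules() {
    printf '*filter\n'
    # Default deny on every chain; the box itself should not talk to anyone.
    printf ':INPUT DROP [0:0]\n'
    printf ':FORWARD DROP [0:0]\n'
    printf ':OUTPUT DROP [0:0]\n'
    # Allow replies to flows the client opened towards a bridge.
    printf -- '-A FORWARD -i %s -o %s -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n' \
        "$WAN_IF" "$LAN_IF"
    # One explicit accept rule per bridge the operator listed (TCP only).
    for bridge in "$@"; do
        ip="${bridge%:*}"
        port="${bridge##*:}"
        printf -- '-A FORWARD -i %s -o %s -p tcp -d %s --dport %s -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT\n' \
            "$LAN_IF" "$WAN_IF" "$ip" "$port"
    done
    # Anything else leaving the client side (DNS, UDP, direct connections)
    # is logged before the chain policy drops it, which makes leak attempts
    # visible on the firewall box.
    printf -- '-A FORWARD -i %s -j LOG --log-prefix "bridgefw-drop: "\n' "$LAN_IF"
    printf 'COMMIT\n'
}

# Usage (bridge addresses below are constructed documentation-range placeholders):
# review the output first, then on the firewall box pipe it into iptables-restore.
#   bridge_firewall_rules 198.51.100.10:443 203.0.113.7:9001 | iptables-restore
```

The script only prints the ruleset; applying it is a deliberate second step so the operator can check that exactly the intended bridges appear and that no broader accept rule slipped in.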