Re: [Tails-dev] vpwned

Author: William Waites
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] vpwned
On Thu, 24 Jul 2014 01:16:26 +0000
Jacob Appelbaum <jacob@???> wrote:

> This change may
> require some UI changes for enabling access to the local network. I
> suggest that such access is disabled by default.


I agree, this is the inverse of something I wrote to the list about a
while ago -- if the local network is mine, I want to make an exception
and not send things through Tor, and "local" may not necessarily mean
"directly connected". My workaround for this is a little shell+awk
script that patches the firewall rules. If the change that you suggest
is imported it will break my script and I won't be able to manage my
network from my computer running Tor!

To address this we need a marker in the firewall rules that says "local
policy goes here" and then I can find out what rule number that is and
insert local policy there.

Blindly accepting traffic by virtue of it being to an RFC1918 address
is silly though, especially when an important intended use of Tails is
running in an untrusted and possibly hostile environment.

Best,
-w
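
The marker approach described in the message above, as an added example that is not part of the original post or of Tails: it finds the marker's rule number in `iptables -S OUTPUT` output and prints the `iptables -I` command for one explicit local exception, refusing blanket ranges. The marker string `local-policy-marker`, the sample rules, and the destination `10.20.30.0/24` port 22 are constructed assumptions; Tails is not known to ship such a marker.

```shell
#!/bin/sh
# Added example. MARKER is a hypothetical comment string, not one Tails ships.
MARKER="local-policy-marker"

# Constructed sample of `iptables -S OUTPUT` output (not the real Tails rules).
# The marker is a target-less rule: it matches and counts packets, nothing else.
sample_rules() {
cat <<'EOF'
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
-A OUTPUT -m comment --comment "local-policy-marker"
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Read `iptables -S OUTPUT` text on stdin and print the marker's rule number.
# Fails unless the marker appears exactly once, so a changed ruleset is
# detected instead of being patched at a guessed position.
marker_rulenum() {
    awk -v m="$MARKER" '
        $1 == "-A" && $2 == "OUTPUT" {
            n++                                  # rule numbers count -A lines only
            for (i = 3; i < NF; i++)
                if ($i == "--comment") {
                    c = $(i + 1); gsub(/"/, "", c)   # iptables may quote the comment
                    if (c == m) { hits++; at = n }
                }
        }
        END { if (hits != 1) exit 1; print at }'
}

# usage: insert_cmd RULENUM DEST_CIDR TCP_PORT
# Prints (does not run) the insert command. Whole RFC 1918 blocks and the
# default route are refused: the exception must name a specific network.
insert_cmd() {
    case "$2" in
        0.0.0.0/0|10.0.0.0/8|172.16.0.0/12|192.168.0.0/16)
            echo "refusing blanket range $2" >&2; return 1 ;;
    esac
    printf 'iptables -I OUTPUT %s -d %s -p tcp --dport %s -j ACCEPT\n' "$1" "$2" "$3"
}

# Stand-alone run on the constructed sample.
n=$(sample_rules | marker_rulenum) && insert_cmd "$n" 10.20.30.0/24 22
```

On a live system the input would come from `iptables -S OUTPUT` instead of `sample_rules`; inserting at the marker's number places the local rule immediately before the marker, which then moves down by one.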