Firejail: Difference between revisions

imported>Onny
Simplify tor instructions
imported>Onny
Updated Tor instruction to use nftables instead of iptables
Line 55: Line 55:


=== Torify application traffic ===
=== Torify application traffic ===
{{Note|Parts of this instruction are not yet stable and will be available in the upcoming NixOS 23.05 release.}}


The following example configuration creates a virtual network bridge which can be used in Firejail as an isolated network namespace. All traffic originating from this interface will be routed through a local [[Tor]] service which will therefore anonymize your internet traffic.
The following example configuration creates a virtual network bridge which can be used in Firejail as an isolated network namespace. All traffic originating from this interface will be routed through a local [[Tor]] service which will therefore anonymize your internet traffic.
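Review bot: the added Note does not say which parts of this instruction need NixOS 23.05, so a reader on 22.11 cannot tell whether the bridge, the nftables ruleset or the firewall settings are the piece that will fail; name the option. The hunks below enable `networking.nftables` together with `networking.firewall`, so if that combination is what requires 23.05, say so in the note. The sentence "All traffic originating from this interface will be routed through a local Tor service" also overstates what the rules below do: only UDP port 53 and TCP are redirected to Tor, so either say "TCP traffic and DNS" or add the drop rule for everything else that would make the sentence true.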
Line 75: Line 77:
     prefixLength = 24;
     prefixLength = 24;
   }];
   }];
  nftables = {
    enable = true;
    ruleset = ''
      table ip nat {
        chain PREROUTING {
          type nat hook prerouting priority dstnat; policy accept;
          iifname "tornet" udp dport 53 dnat to 127.0.0.1:5353
          iifname "tornet" meta l4proto tcp dnat to 127.0.0.1:9040
        }
      }
    '';
  };
   firewall = {
   firewall = {
     enable = true;
     enable = true;
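Review bot: the `dnat to 127.0.0.1:...` targets in the `PREROUTING` chain only work if the kernel is allowed to deliver packets arriving on `tornet` to a loopback address, which needs `net.ipv4.conf.tornet.route_localnet = 1` (for example via `boot.kernel.sysctl`); that sysctl is not in this hunk, so either it is set elsewhere in the section or the redirect fails silently and nothing in the namespace reaches Tor. Worth a comment either way. The two rules also match only `udp dport 53` and `meta l4proto tcp`: any other UDP (QUIC, NTP) and ICMP from the namespace is not redirected and will be forwarded or dropped depending on the forward chain, so add an explicit drop, for example `chain forward { type filter hook forward priority filter; iifname "tornet" drop }` in a `table inet filter`, or state that IP forwarding is disabled for this bridge. Minor: the upper-case `PREROUTING` chain name is an iptables habit; nftables does not care, but a lower-case name reads consistently with the rest of the ruleset.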
Line 81: Line 95:
       allowedUDPPorts = [ 5353 ];
       allowedUDPPorts = [ 5353 ];
     };
     };
    extraCommands = ''
      iptables -t nat -A PREROUTING -i tornet -p udp -m udp --dport 53 -j DNAT --to-destination 127.0.0.1:5353
      iptables -t nat -A PREROUTING -i tornet -p tcp -j DNAT --to-destination 127.0.0.1:9040
    '';
   };
   };
};
};
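Review bot: dropping `extraCommands` is the right cleanup, since both redirects now live in `networking.nftables.ruleset` and the translation is one-for-one (UDP/53 to 5353, all TCP to 9040), but it removes the only path that worked before the release the note warns about. Either keep the two iptables lines in the article under a "before 23.05" remark so those readers still have a working configuration, or state plainly in the note that the whole section now requires 23.05.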