Firejail: Difference between revisions
imported>Onny Simplify tor instructions |
imported>Onny Updated Tor instruction to use nftables instead of iptables |
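--- a/Firejail
+++ b/Firejail
@@ -55,2 +55,3 @@
 === Torify application traffic ===
+{{Note|Parts of this instruction are not yet stable and will be available in the upcoming NixOS 23.05 release.}}
 The following example configuration creates a virtual network bridge which can be used in Firejail as an isolated network namespace. All traffic originating from this interface will be routed through a local [[Tor]] service which will therefore anonymize your internet traffic.
@@ -75,4 +77,16 @@
 prefixLength = 24;
 }];
+nftables = {
+enable = true;
+ruleset = ''
+table ip nat {
+chain PREROUTING {
+type nat hook prerouting priority dstnat; policy accept;
+iifname "tornet" udp dport 53 dnat to 127.0.0.1:5353
+iifname "tornet" meta l4proto tcp dnat to 127.0.0.1:9040
+}
+}
+'';
+};
 firewall = {
 enable = true;
@@ -81,4 +95,4 @@
 allowedUDPPorts = [ 5353 ];
 };
 };
 };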
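Review bot: The new nat ruleset only redirects UDP/53 and TCP from "tornet"; any other traffic from that interface (other UDP, ICMP) is not matched by either dnat rule, so whether it is dropped or forwarded around Tor depends on forward-chain policy that is not visible in this hunk. To make the namespace fail closed regardless of that policy, add a filter rule such as `table inet filter { chain forward { type filter hook forward priority filter; iifname "tornet" drop } }` to the same ruleset, since redirected packets reach the input hook and are unaffected by it. Separately, DNAT to 127.0.0.1 from a non-loopback interface is only honoured by the kernel when the route_localnet sysctl is enabled on the bridge (or globally), so unless that is set elsewhere in the configuration the redirected connections will be silently discarded; a one-line note next to the ruleset pointing this out would save readers a confusing failure. The enclosing `networking` attribute set starts outside the hunk.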