forked from rustybird/corridor
-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcontrol
36 lines (34 loc) · 1.55 KB
/
control
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
## This file is part of Whonix.
## Copyright (C) 2012 - 2016 Patrick Schleizer <[email protected]>
## See the file COPYING for copying conditions.
Source: corridor
Section: misc
Priority: optional
Maintainer: Patrick Schleizer <[email protected]>
Build-Depends: debhelper (>= 9), faketime, genmkfile, dh-systemd
Homepage: https://github.com/rustybird/corridor
Vcs-Browser: https://github.com/rustybird/corridor
Vcs-Git: https://github.com/rustybird/corridor.git
Standards-Version: 3.9.6
Package: corridor
Architecture: all
Depends: ipset, socat, tor, ${misc:Depends}
Description: Tor traffic whitelisting gateway
There are several transparently torifying gateways. They suffer from the same
problems:
.
- It's tricky to isolate circuits and issue NEWNYM signals, especially if
multiple client computers are involved.
- Any garbage software can pump identifiers into "anonymous" circuits, and
get itself exploited by malicious exit nodes.
- Trust is centralized to the gateway, which is bad enough when used by one
person, and just inappropriate when shared with strangers.
.
corridor takes a different approach. It allows only connections to Tor relays
to pass through (no clearnet leaks!), but client computers are themselves
responsible for torifying their own traffic. In other words, it is a filtering
gateway, not a proxying gateway.
.
You can think of it as defense in depth for your vanilla Tor Browser or Tails,
for your beautiful scary experimental Qubes proxying schemes, etc. Or invite
the hood to use your WiFi without getting into trouble.