Netgate Discussion Forum

Using Tor Network and pfBlockerNG

4 Posts 2 Posters 1.5k Views
dma_pf (last edited Aug 22, 2017, 3:26 PM)

    I was reading this post about blocking Tor exit nodes: https://forum.pfsense.org/index.php?topic=126375.0 which led me to wonder how one would go about allowing a LAN device to initiate traffic through the Tor network and receive a response through the Tor network, but at the same time block non-LAN-initiated incoming traffic from the Tor network?

    Am I correct in assuming that this could be accomplished by using the lists in the above post to create 2 separate List Aliases in pfBlockerNG as follows:

    List Alias #1. Creates a "Deny Inbound" rule for the list, and
    List Alias #2. Creates a "Permit Outbound" as the list option

    Also, does anybody know of a list of "bad/compromised" Tor exit relays?

    BBcan177, Moderator (last edited Aug 23, 2017, 12:53 AM)

      You only need to allow the outbound and that will create a firewall state (Stateful Firewall) which will allow the packets back through the Inbound (WAN)… If you have Internet facing ports, then you could use a Permit Inbound rule for those specific ports.

      Don't think there is a specific Bad TOR node list.... Sometimes they are added to some IP Blacklists, but the feed maintainers try not to add TOR nodes to blocklists...

      "Experience is something you don't get until just after you need it."

      Website: http://pfBlockerNG.com
      Twitter: @BBcan177  #pfBlockerNG
      Reddit: https://www.reddit.com/r/pfBlockerNG/new/

      dma_pf (last edited Aug 25, 2017, 1:21 PM)

        I think I got it! But let me put out 2 examples to see if I really do.

        Example 1

        Let's say I have an outbound GeoIP deny rule that blocks China. Tor wants to establish a circuit with the entrance relay being in China. Am I correct that the circuit would not be established because China is blocked by the outbound rule?

        Example 2

        Again I have China denied by an outbound rule. I'm browsing in Tor with an entrance relay in Germany which is not blocked. I hit a link in the Tor browser to a site in China. The result is it gets blocked?

        BBcan177, Moderator (last edited Sep 12, 2017, 10:27 AM)

          If you want to use GEOIP and TOR, you can create a TOR alias and add the TOR exit node feeds. Set the Action to "Permit Outbound". Then ensure that the Rule Order option has the permit rules above the Block/Reject rules. Firewall rules are processed top to bottom.

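The two replies above describe first-match rule ordering and stateful return traffic. The following is an added model of that behaviour, not code from the thread or from pfBlockerNG; the alias names, the documentation-range addresses and the hosts are constructed placeholders, and the GeoIP list is represented by a single block rule.

```python
from ipaddress import ip_address, ip_network

# Constructed aliases using documentation ranges; they stand in for the
# pfBlockerNG Tor exit-node feed and a GeoIP country list (hypothetical names).
ALIASES = {
    "pfB_Tor": ["198.51.100.5/32", "203.0.113.0/24"],  # relays, one inside "China"
    "pfB_China": ["198.51.100.0/24"],                  # GeoIP "CN" stand-in
}
LAN_HOST = "192.168.1.10"   # constructed LAN client
CN_RELAY = "198.51.100.5"   # Tor relay whose address is also in the GeoIP list
TOR_EXIT = "203.0.113.9"    # Tor exit node that never received an outbound flow


def in_alias(ip, alias):
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in ALIASES[alias])


class Firewall:
    """Rules are (action, direction, alias) tuples checked top to bottom;
    the first match wins. An outbound pass records a state so the reply is
    accepted inbound without its own rule, as on a stateful firewall."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # (src, dst) of flows allowed outbound

    def outbound(self, src, dst):
        for action, direction, alias in self.rules:
            if direction == "out" and in_alias(dst, alias):
                if action == "pass":
                    self.states.add((src, dst))
                return action
        self.states.add((src, dst))  # default: LAN egress permitted
        return "pass"

    def inbound(self, src, dst):
        if (dst, src) in self.states:  # reply to an established flow
            return "pass"
        for action, direction, alias in self.rules:
            if direction == "in" and in_alias(src, alias):
                return action
        return "block"  # WAN default deny for unsolicited traffic


def permit_above_block():
    # Ordering recommended in the thread: Tor permit above the GeoIP block.
    return [("pass", "out", "pfB_Tor"), ("block", "out", "pfB_China")]


def block_above_permit():
    # Reversed ordering: the GeoIP block matches before the permit is reached.
    return [("block", "out", "pfB_China"), ("pass", "out", "pfB_Tor")]
```

With the permit rule first, the LAN client reaches the relay in "China" and its reply is accepted via the state, while an unsolicited connection from another Tor node is still dropped; with the block rule first, the circuit to that relay is never built.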

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.