Commit 84bb7b76 authored by Tails developers's avatar Tails developers
Browse files

Document access to automapped addresses.

parent bbfcfa8c
......@@ -55,6 +55,20 @@ attacks by compromised processes. For specifics, see the firewall
configuration where this is well commented:
[[!tails_gitweb config/chroot_local-includes/etc/ferm/ferm.conf]]
#### Automapped addresses
`AutomapHostsOnResolve` is enabled in Tor configuration, and
a firewall rule transparently redirects to the Tor transparent proxy
port the connections targeted at the `127.192.0.0/10` virtual mapped
address space.
Only the `amnesia` user is granted access to the Tor transparent proxy
port, so in practice only them can use this hostname-to-address
mapping facility.
- [[!tails_gitweb config/chroot_local-includes/etc/tor/torrc]]
- [[!tails_gitweb config/chroot_local-includes/etc/ferm/ferm.conf]]
#### IPv6
Tor does not support IPv6 yet so IPv6 communication is blocked.
......
......@@ -22,6 +22,7 @@ discussing it and making a decision, hence the todo/research tag :)
>> having `tor-resolve`'d `2eghzlv2wwcq7u7y.onion` to 127.192.0.1.
>>
>> Therefore, what's already in place does exactly what we decided we
>> wanted. Time to document it in the implementation notes.
>> wanted. Now documented on
>> [[contribute/design/Tor_enforcement/Network_filter]].
[[!tag todo/documentation]]
[[!tag todo/done]]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment