The well-known but unsafe method is to use torify. It is unsafe because we ask an application to use Tor, not force it. If the application misbehaves or is being exploited by a bug, it will still allow non-Tor connections to be made to the outside world.
Firejail, on the other hand, is a security tool that allows you to sandbox applications by providing them an isolated kernel namespace, seccomp filters and, what's important, a custom network stack.
So, how do I create a Tor-only network interface that could be fed to Firejail? According to Firejail documentation, it accepts any bridge network interface:
Firejail can attach a new TCP/IP networking stack to the sandbox. The new stack comes with its own routing table, firewall and set of interfaces. It is totally independent of the host network stack.
- Create new interfaces – Linux kernel macvlan and bridge devices are created and moved automatically in the sandbox.
- Move existing interfaces – existing interfaces can be moved inside the sandbox. The interface configuration is preserved.
'redirect traffic from bridge to http proxy' https://superuser.com/questions/1172607/redirect-traffic-from-bridge-to-http-proxy - I am currently using this configuration but with privoxy instead of tinyproxy, which will (as well as ad blocking) route HTTP requests through a SOCKS proxy.
– user5321531 – 2017-03-12T05:05:13.180
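One way to build the kind of interface the question asks about, as an added example that is not part of the original question or comment: a host bridge on which the only accepted traffic is what gets redirected into Tor's transparent-proxy and DNS listeners, with everything else dropped rather than forwarded. The bridge name `tornet`, the 10.100.100.0/24 addressing, ports 9040/5353 and the matching `TransPort`/`DNSPort` lines in torrc are assumptions, as is an INPUT chain with no earlier rule that accepts traffic from the bridge.

```shell
#!/bin/sh
# Added example. Assumed values (not from the page): bridge name, subnet, ports.
BR=tornet            # hypothetical bridge name handed to firejail --net=
GW=10.100.100.1      # host address on the bridge; becomes the sandbox gateway
TRANS_PORT=9040      # torrc must contain: TransPort 10.100.100.1:9040
DNS_PORT=5353        # torrc must contain: DNSPort 10.100.100.1:5353

# Emit the host-side setup, one command per line, in the order to apply it.
# Tor has to be (re)started after the bridge exists so it can bind to $GW.
tornet_plan() {
    cat <<EOF
ip link add name $BR type bridge
ip addr add $GW/24 dev $BR
ip link set $BR up
iptables -t nat -A PREROUTING -i $BR -p udp --dport 53 -j REDIRECT --to-ports $DNS_PORT
iptables -t nat -A PREROUTING -i $BR -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A INPUT -i $BR -p udp --dport $DNS_PORT -j ACCEPT
iptables -A INPUT -i $BR -p tcp --dport $TRANS_PORT -j ACCEPT
iptables -A INPUT -i $BR -j DROP
ip6tables -A INPUT -i $BR -j DROP
ip6tables -I FORWARD -i $BR -j DROP
iptables -I FORWARD -i $BR -j DROP
EOF
}

# Command line that starts a program inside the Tor-only namespace.
tornet_firejail() {
    echo "firejail --net=$BR --dns=$GW $*"
}

# Dry run by default; APPLY=1 (as root) executes the plan and stops on error.
if [ "${APPLY:-0}" = 1 ]; then
    tornet_plan | sh -e
else
    tornet_plan
    tornet_firejail "<program>"
fi
```

Because the sandbox's only interface hangs off this bridge, a program that ignores proxy settings still has its TCP and DNS redirected into Tor, and any other traffic (UDP, ICMP, IPv6) is dropped on the host instead of being routed out.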