From: Mark Wooding <mdw@distorted.org.uk>
Date: Tue, 13 Jan 2009 18:11:39 +0000 (+0000)
Subject: vampire: Add accounting rules for Tor on the OUTPUT chain.
X-Git-Url: https://git.distorted.org.uk/~mdw/firewall/commitdiff_plain/d6dd88f5fe5213e6d5bdf944791e331edf283426?hp=78c56de162e7d1248eeaf10061c23dec184fe0e7

vampire: Add accounting rules for Tor on the OUTPUT chain.

This will tell me what I actually wanted to know.
---

diff --git a/vampire.m4 b/vampire.m4
index 450bdff..13e37bd 100644
--- a/vampire.m4
+++ b/vampire.m4
@@ -72,6 +72,10 @@ run iptables -A inbound -j ACCEPT \
 	-s 172.29.198.0/24 \
 	-p tcp --destination-port $port_squid
 
+## Watch outgoing Tor usage.
+run iptables -A OUTPUT -m multiport \
+	-p tcp --source-ports $port_tor_public,$port_tor_directory
+
 ## Other interesting things.
 dnsresolver inbound
 ntpclient inbound 158.152.1.76 158.152.1.204 194.159.253.2