Date: Thu, 24 Jul 2014 13:38:57 +0100
From: Mike Cardwell <tor@lists.grepular.com>
To: tor-talk@lists.torproject.org
Message-ID: <20140724123857.GA9764@glue.grepular.com>
References: <53D0A151.6030801@tengu.ch>
MIME-Version: 1.0
In-Reply-To: <53D0A151.6030801@tengu.ch>
Subject: Re: [tor-talk] Android app: Torrific
Content-Type: multipart/mixed; boundary="===============4981178004680037230=="


--===============4981178004680037230==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="DocE+STaALJfprDB"
Content-Disposition: inline


--DocE+STaALJfprDB
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* on the Thu, Jul 24, 2014 at 08:01:53AM +0200, CJ wrote:

> Just a small announce (not sure if this is the right ML, sorry).
> I'm developing an Android app allowing to block all IP traffic, and
> force only selected app through Orbot.
> This is done because neither Orbot nor AFWall (or other free, opensource
> Android iptables management interface) seem to be able to do that???

One suggestion: Test this on a network which dishes out IPv6 addresses.
None of these Firewall apps seem to take IPv6 into consideration. So if
you wander onto a WiFi network which dishes out v6 addresses and then
one of your Apps tries to connect to a host which supports v6, like for
example Google or Facebook, then it will bypass your iptables rules.
You need to set up rules using ip6tables for IPv6 too.

Also, make sure that the rules are applied prior to any network
connectivity coming up.

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4

--DocE+STaALJfprDB--

--===============4981178004680037230==--
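
The IPv6 gap raised in the reply above can be checked from saved rule sets. This is an added example, not part of the original message or of any app discussed in the thread: it compares the filter-table OUTPUT policy in `iptables-save` and `ip6tables-save` style dumps and reports when IPv4 is locked down but IPv6 is not. The dumps are constructed and trimmed, the uid 10045 is hypothetical, and the function names are this example's own.

```shell
# Added example: audit saved rule sets for the IPv4-only gap.
# Dumps below are constructed, in iptables-save / ip6tables-save format.
V4_DUMP='*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 10045 -j ACCEPT
COMMIT'
V6_UNTOUCHED='*filter
:OUTPUT ACCEPT [0:0]
COMMIT'
V6_LOCKED='*filter
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
COMMIT'

# Print the default policy of chain $1 in the filter table (dump on stdin).
chain_policy() {
    awk -v chain="$1" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && !seen && $1 == (":" chain) { print $2; seen = 1 }'
}

# Succeed if chain $1 has an unconditional ACCEPT, which defeats a DROP policy.
has_accept_all() {
    awk -v chain="$1" '
        /^\*/ { in_filter = ($0 == "*filter") }
        in_filter && $0 == ("-A " chain " -j ACCEPT") { found = 1 }
        END { exit !found }'
}

# "closed" when OUTPUT defaults to DROP and nothing accepts everything.
family_state() {
    policy=$(printf '%s\n' "$1" | chain_policy OUTPUT)
    if [ "$policy" = DROP ] && ! printf '%s\n' "$1" | has_accept_all OUTPUT; then
        echo closed
    else
        echo open
    fi
}

# audit V4_DUMP V6_DUMP -> ok | ipv6-bypass | ipv4-open
audit() {
    v4=$(family_state "$1"); v6=$(family_state "$2")
    if [ "$v4" = closed ] && [ "$v6" = closed ]; then echo ok
    elif [ "$v4" = closed ]; then echo ipv6-bypass
    else echo ipv4-open
    fi
}
audit "$V4_DUMP" "$V6_UNTOUCHED"
```

On a device, the two arguments would be the output of `iptables-save` and `ip6tables-save`; running the check before any interface comes up also covers the ordering point made in the reply.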

