Tor & application-firewall support

Paul Campbell pau.campbe at
Tue Apr 24 12:49:49 UTC 2012

There's been some discussion on this mailing list about application-firewalls, and I wanted to say a word about Ubuntu's inability to filter internet connections at the application-level.

I work as a freelance journalist. On many occasions I recommend the use of Tor to sources in middle eastern and southeast Asian countries. For their own safety, they need an anonymous way to upload things to the internet and in general to communicate online.

I am a strong proponent of open-source software and am a fan of Debian and Ubuntu; however, I caution my sources against running the Tor client on Ubuntu because of Ubuntu's lack of support for application-firewalls. I often advise Microsoft Windows be used because application-firewall software exists that allows users to create a "Tor Profile": a firewall-settings profile that not only filters DNS lookups but also only allows outbound connections from the Tor client. All other applications are blocked from connecting to the internet while this profile is active.

When needing to use Tor, the source will activate the firewall software's user-created "Tor Profile" and then start a Tor browsing session. When finished browsing, the source will close Tor and change the firewall settings from the "Tor Profile" back to the default profile which in general allows all applications to connect to the internet. This setup ensures that no other applications "accidentally" connect to the internet during an active Tor session and "reveal" the source's true IP address.  

I'm sharing this because I hope to see Ubuntu gain this valuable feature-set. There are many advantages to being able to filter at the application-level. It's a feature sadly missing from Ubuntu. Hopefully it's something Ubuntu developers will address in the near future.

Paul Campbell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Ubuntu-devel-discuss mailing list