Option to use corridor as host firewall rather than gateway?

[adrelanos]

There are good reasons for anonymity not to emit any non-Tor traffic while browsing with Tor. Example, correlation of torified and non-torified TLS HELLO gmt_unix_time:
https://trac.torproject.org/projects/tor/ticket/8751

One could use Tails or Whonix in a VM. And corridor firewall could run on the host to forbid any non-Tor traffic.

Could you add such a feature please?

Or would you accept a patch implementing this feature? Would require some if/else magic.

[rustybird]

It's really easy actually, just run iptables -I OUTPUT -j CORRIDOR and boom, you're using corridor as a local firewall. (Only the logging is a bit unintuitive in this case and needs to be documented.) I've been meaning to integrate this feature for some time now, and will look into it over the next weeks.

[adrelanos]

And net.ipv4.ip_forward should not be enabled then?

[rustybird]

Yes, unless you're using corridor as both a local firewall and a gateway.