Re: [Tails-dev] [review'n'merge 1.1.1] I2P boot parameter, …

Author: Kill Your TV
Date:  
To: tails-dev
Subject: Re: [Tails-dev] [review'n'merge 1.1.1] I2P boot parameter, firewall rules, etc.
On Thu, 7 Aug 2014 09:36:48 +0000 (UTC)
intrigeri <intrigeri@???> wrote:

> I still don't get why I2P needs to talk to Tor's DNSPort. Why does it
> decide to talk to 127.0.0.1:5353, while the system resolver is
> configured to be 127.0.0.1:53?


I'm probably missing something that will be completely obvious to
someone else.

Around line 173 (in my workspace) is
            # Redirect system DNS to Tor's DNSport
            daddr 127.0.0.1 proto udp dport 53 REDIRECT to-ports 5353



but I thought that 
             outerface ! lo mod owner uid-owner i2psvc {
                 @if $use_i2p proto (tcp udp) ACCEPT;
             }


would allow DNS resolution. When it didn't, I explicitly ACCEPTED DNS
requests with

+                @if $use_i2p proto udp dport domain ACCEPT;
                 @if $use_i2p proto (tcp udp) ACCEPT;
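
Review bot: the added `proto udp dport domain ACCEPT` line sits inside the `outerface ! lo` block, so it never matches the queries that the rule near line 173 rewrites, because those are addressed to 127.0.0.1 and leave through lo. REDIRECT is also a nat-table target, so an ACCEPT can only pre-empt it when it sits ahead of it in that same chain. If i2psvc is meant to skip Tor's DNSPort, the exemption belongs next to the REDIRECT, matching `daddr 127.0.0.1 proto udp dport 53` together with `mod owner uid-owner i2psvc`. Otherwise drop the line: `proto (tcp udp) ACCEPT` directly below it already accepts UDP port 53 on non-loopback interfaces, so the addition is redundant where it stands.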


because I thought that would override the redirect around line 173, but
DNS requests made by the i2psvc user still get redirected to the
TorDNS port. Since the explicit DNS exception didn't do what I
expected it to, I removed it.


> In the future, when marking a ticket as ready for QA, please de-assign
> it from you, so that we can easily see that nobody has committed to
> take care of the next steps yet. All the process is documented there:
> https://tails.boum.org/contribute/merge_policy/#index2h1
> Thanks!


Will re-read, thanks.

--
GPG ID: 0x5BF72F42D0952C5A
Fingerprint: BD12 65FD 4954 C40A EBCB F5D7 5BF7 2F42 D095 2C5A