Applications and Stream Isolation

If I installed the new application - Iceweasel or KVM and other, then I should manually change to configuration?
Why it does not work automatically?

Good day,

Because every program needs specific settings and we are unable to Support every program by setting these by hand.

Have a nice day,


1 Like

1 program - 1 port and 1 Tor-way.

And no problems.

Good day,

Sadly, Stream Isolation isn’t even close to being that simple. If you go through the procedure necessary to using a new program with it, you’ll notice this quite quickly.

Have a nice day,


1 Like

KVM no pre-configured? :frowning:

But it will work automatically in the future?

List of pre-configured applications:


KVM is not in the list. If it is not in the list, it is not pre-configured.


Is it possible for Whonix to implement some kind of a proxy somewhere to randomly choose a fresh Tor socks port for each application/connection and/or implement blacklist/whitelist filtering feature for destination hostname/ip addresses

I can do all of these easily using 3proxy on a different system, but I didn’t try it on Whonix

This could greatly improve security/anonymity for many different use cases.

For example: Block all traffic except some hidden addresses

For each connection might be possible but not advisable. Tor supports IsolateDestAddr and IsolateDestPort which we could enable on Tor’s TransPort. Reference:


The relevant sentence:

What are IsolateDestAddr and IsolateDestPort? You can learn about them in the Tor manual. See also tor-talk mailing list: Tor’s stream isolation features defaults. Usually, unless you know better, you are better off not using IsolateDestAddr or IsolateDestPort.

For each application would be great but I don’t see how it could be done all pre-configured by default.

I’m already using it outside Whonix, it’s very simple. You provide a list of ports for a rule and 3proxy does the rest when connections start coming in. And it is not necessarily for every connection, you can decide what you want to do with the connection depending on the source port or other filters and could add some whitelist/blacklisting at the same time. For example blocking advertisement hostnames from an application/port or whitelisting an application/port to only use certain destination ip/host/port/protocols and block the rest

Nest Virtualization a better and safer.
Second guest - VPN.
Host - VPN.
First guest - Whonix - Tor

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]