ControlPort Filter Hardening like TAILS

Your choice of tcpserver for the ControlPort proxy filter was well thought out, so as to be included in TAILS too. :) When looking at the ticket and the referenced mailing list discussion, I see that they’ve taken extra steps to try and protect the filter from DoS and invalid input, for example limiting the characters allowed to 128 and using Tor’s stem to further simplify the script. I don’t know if you implemented this, but wanted to let you know how far they went.

https://mailman.boum.org/pipermail/tails-dev/2014-February/005041.html

Maximum string length is a good idea. Thanks for suggesting this! Implemented:
https://github.com/Whonix/control-port-filter/commit/aaba9b30174f59ba6f7273c79b49f5b37331ee6a

Whonix-Gateway’s firewall will reject more invalid packages in Whonix 9. Adding DDOS protection to Whonix-Gateway from Whonix-Workstations could be considered in another post. I don’t know yet if that would be useful.

Using stem is not on the horizon yet, since I am not a Python coder. For that reason, and because command wildcards are not supported yet, I wouldn’t mind a Python rewrite by someone else, though.
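
The 128-character limit discussed in this thread, as an added example (not code from control-port-filter or Tails): the read itself is bounded, so an over-long line is never buffered whole before being rejected. The whitelist contents, the reason strings and the sample input are assumptions constructed for illustration.

```python
import io

MAX_LINE = 128  # length cap mentioned in the thread

# Assumed whitelist for illustration; exact match only, no wildcards.
ALLOWED = {
    "SIGNAL NEWNYM",
    "GETINFO net/listeners/socks",
    "GETINFO status/circuit-established",
}


def decide(stream, limit=MAX_LINE):
    """Yield ('forward', cmd) or ('reject', reason) for each request line.

    At most limit + 3 bytes are held at once: the payload, a CRLF
    terminator, and one extra byte that reveals an over-long line.
    """
    while True:
        raw = stream.readline(limit + 3)
        if not raw:                      # EOF: client closed the connection
            return
        if not raw.endswith(b"\n"):
            # Over the cap (or cut off at EOF): discard the rest of the
            # line in bounded chunks instead of accumulating it.
            while raw and not raw.endswith(b"\n"):
                raw = stream.readline(limit + 3)
            yield ("reject", "too long")
            continue
        line = raw.rstrip(b"\r\n")
        if len(line) > limit:
            yield ("reject", "too long")
        elif any(b < 0x20 or b > 0x7E for b in line):
            yield ("reject", "non-printable byte")
        elif line.decode("ascii") not in ALLOWED:
            yield ("reject", "not whitelisted")
        else:
            yield ("forward", line.decode("ascii"))


# Constructed sample traffic from a client to the filter.
SAMPLE = (
    b"SIGNAL NEWNYM\r\n"
    + b"GETINFO " + b"A" * 5000 + b"\r\n"   # oversized request
    + b"GETINFO address\r\n"                # valid syntax, not whitelisted
    + b"SIGNAL NEWNYM\x00\r\n"              # embedded NUL byte
    + b"GETINFO net/listeners/socks\n"
)

if __name__ == "__main__":
    for verdict in decide(io.BytesIO(SAMPLE)):
        print(verdict)
```

Behind tcpserver the same generator could be driven from `sys.stdin.buffer`, with only the forwarded lines written on to the real control port.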