I want to drop all non-Tor traffic in iptables and allow only traffic from the Whonix-Gateway virtual machine on the host. My iptables config:
```
# Generated by iptables-save v1.8.2 on Sat May 18 15:54:56 2019
*filter
:INPUT DROP [21:3717]
:FORWARD DROP [0:0]
:OUTPUT DROP [166:15284]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m owner --uid-owner tor -j ACCEPT
COMMIT
# Completed on Sat May 18 15:54:56 2019
```
When I apply this config, I’m only able to do torified upgrades on the host and use torsocks commands. Whonix-Gateway doesn’t have access to the Internet. What am I doing wrong?
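
Added example (not part of the original post): a small Python model of the filter table above, evaluated against three constructed packets to show which chain each traffic class reaches and what verdict it gets. The packet fields, the addresses and the `vmuser` account are assumptions; the owner match only sees the uid of a socket created on the host, so a Tor process running inside a VM never matches `--uid-owner tor`.

```python
import ipaddress
import shlex
# The filter table from the post, one rule per line.
RULESET = """*filter
:INPUT DROP [21:3717]
:FORWARD DROP [0:0]
:OUTPUT DROP [166:15284]
-A INPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -s 127.0.0.1/32 -d 127.0.0.1/32 -j ACCEPT
-A OUTPUT -m owner --uid-owner tor -j ACCEPT
COMMIT"""

def parse(text):
    # Returns (policies, rules); handles only the options this ruleset uses.
    policies, rules = {}, {}
    for line in text.splitlines():
        if line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain], rules[chain] = policy, []
        elif line.startswith("-A "):
            tok = shlex.split(line)
            rules[tok[1]].append(dict(zip(tok[2::2], tok[3::2])))
    return policies, rules

def matches(opts, pkt):
    for flag, key in (("-s", "src"), ("-d", "dst")):
        if flag in opts and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(opts[flag]):
            return False
    if "--ctstate" in opts and pkt["ctstate"] not in opts["--ctstate"].split(","):
        return False
    # Owner match: only a socket created on the host has a uid; forwarded packets have none.
    return "--uid-owner" not in opts or pkt.get("uid") == opts["--uid-owner"]

def verdict(chain, pkt, table=parse(RULESET)):
    policies, rules = table
    for opts in rules[chain]:
        if matches(opts, pkt):
            return opts["-j"]
    return policies[chain]  # no rule matched: the chain policy applies

# Constructed packets (documentation addresses; uid "vmuser" is hypothetical).
NEW = {"dst": "198.51.100.7", "ctstate": "NEW"}
HOST_TOR = ("OUTPUT", {**NEW, "src": "192.0.2.10", "uid": "tor"})         # host's own tor daemon
VM_RELAYED = ("OUTPUT", {**NEW, "src": "192.0.2.10", "uid": "vmuser"})    # hypervisor process relays VM traffic
VM_FORWARDED = ("FORWARD", {**NEW, "src": "10.0.0.2"})                    # host kernel routes VM traffic

if __name__ == "__main__":
    for name, (chain, pkt) in [("host tor", HOST_TOR), ("VM relayed", VM_RELAYED), ("VM forwarded", VM_FORWARDED)]:
        print(f"{name:13s} {chain:8s} -> {verdict(chain, pkt)}")
```

Only the host's own `tor` uid reaches an ACCEPT rule; VM traffic falls through to the DROP policy of OUTPUT or FORWARD, depending on how the VM's network is attached.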