NO_NAT_USERS clearnet / tunnel

singsong · June 1, 2016, 6:07pm

I didn’t notice the tunnel user in Whonix 12. New in v13?
What is that user used for? Only if VPN is used? Is it safe to comment that line in /usr/bin/whonix_firewall if I don’t use VPN?
Is it also safe to comment the line above where clearnet user gets non-tor-outgoing access?
Because I can’t see when I’ll ever need that and it’s an unnecessary risk IMO.
Also speeds up performance with less rules.
Thx

ps. if it’s fine to disable their access without breaking anything, then it would be nice to have an option in /etc/whonix_firewall.d/30_default.conf that we could change in 50_user.conf to make the change persistent.

Patrick · June 2, 2016, 11:00am

Yes.

Only active when using TUNNEL_FIREWALL setting.

It’s not required and manual edits are unsupported. ( Frequently Asked Questions - Whonix FAQ )

Same as above.

I wonder if that has any significance, is measurable…

The risk of something somehow magically appearing under the clearnet user is as likely as under the debian-tor user. The latter cannot be abolished.