NO_NAT_USERS clearnet / tunnel

I didn’t notice the tunnel user in Whonix 12. New in v13?
What is that user used for? Only if VPN is used? Is it safe to comment that line in /usr/bin/whonix_firewall if I don’t use VPN?
Is it also safe to comment the line above where clearnet user gets non-tor-outgoing access?
Because I can’t see when I’ll ever need that and it’s an unnecessary risk IMO.
Also speeds up performance with less rules.

ps. if it’s fine to disable their access without breaking anything, then it would be nice to have an option in /etc/whonix_firewall.d/30_default.conf that we could change in 50_user.conf to make the change persistent.


Only active when using TUNNEL_FIREWALL setting.

It’s not required and manual edits are unsupported. ( https://www.whonix.org/wiki/FAQ#What_do_you_mean_by_unsupported.3F )

Same as above.

I wonder if that has any significance, is measurable…

The risk of something somehow magically appearing under the clearnet user is as likely as under the debian-tor user. The latter cannot be abolished.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Contributors] [Investors] [Priority Support] [Professional Support]