this post was submitted on 09 May 2024
49 points (98.0% liked)
Privacy
31975 readers
241 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
Chat rooms
-
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Isn't gluetun for docker? Are there people running it on the host system?
Just use its proxy for the host system's needs...
How do you route all a host system's traffic through Gluetun? If you use routing tables, wouldn't it similarly be affected by TunnelVision? In which case you would still need a firewall on the host...
Also, the host system likely makes network requests right after boot, before a Gluetun container has time to start. How do you make sure those don't leak?
I am curious though, how you were able to route all host traffic through Gluetun. I know it can be used as a http/socks proxy, but I only know of ways to configure your browser to use that. What about other applications and system-level services? What about other kinds of traffic, like ssh?
I don't route all my system's traffic through Gluetun, my threat model doesn't need it, I just route relevant apps, e.g. package management is in the clear but firefox, SearXNG, and nicotine go via gluetun. SSH can look after itself, or I'm in dire trouble. If my threat model did need it, I'd be considering a similar solution to yours, but it'd be heavily cribbed from the known good of gluetun, basically the docker (podman) put to bare metal.
Yeah, it does come down to threat model and preference. If you only need to route specific apps, Gluetun sounds like a great solution.