Difficult. Undocumented.
Some information here:
Tor Browser Filtering
Most relevant.
As mentioned above, Tor Browser uses a Tor SocksPort by default as per upstream default.
nftables (and its predecessor iptables) however does not inherently understand application-layer protocols like SOCKS. This is why nftables firewalls are unable to filter Tor Browser’s traffic. See SOCKS Firewalling for a detailed technical explanation.
Firewall (IP, DNS) based filtering and would require either:
- A) Transparent Proxying: Using system default networking, i.e. not using a Tor SocksPort and thereby breaking Stream Isolation.
- B) DPI: Deep packet inspection in case using a firewall. This is undocumented.
See also: Firewall implementation for Qubes Whonix ? - Support - Whonix Forum
related:
This might be Too Difficult.
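An added illustration (not part of the original post or the Whonix wiki) of why a packet filter such as nftables cannot filter SOCKS traffic by destination: the destination travels inside the SOCKS5 request payload (RFC 1928), while the packet headers only show a connection to the local SocksPort. The request bytes, `example.com`, and the `127.0.0.1:9050` tuple are constructed assumptions.

```python
import ipaddress
import struct

# Constructed assumption: the only addressing a packet filter sees for a client
# talking to a local SocksPort (addresses and ports are illustrative).
FIREWALL_VIEW = {"src": "127.0.0.1", "sport": 40000, "dst": "127.0.0.1", "dport": 9050}


def parse_socks5_request(data: bytes):
    """Parse a SOCKS5 request (RFC 1928, section 4); return (cmd, host, port)."""
    if len(data) < 4:
        raise ValueError("truncated SOCKS5 request header")
    ver, cmd, rsv, atyp = data[:4]
    if ver != 5 or rsv != 0:
        raise ValueError("not a SOCKS5 request")
    body = data[4:]
    if atyp == 0x01:        # IPv4 address, 4 bytes
        alen = 4
    elif atyp == 0x04:      # IPv6 address, 16 bytes
        alen = 16
    elif atyp == 0x03:      # domain name: 1 length byte, then the name
        if not body:
            raise ValueError("truncated domain length")
        alen, body = body[0], body[1:]
    else:
        raise ValueError(f"unknown address type {atyp:#x}")
    if len(body) < alen + 2:
        raise ValueError("truncated address or port")
    raw = body[:alen]
    (port,) = struct.unpack("!H", body[alen:alen + 2])
    # With a domain name the proxy resolves it, so a local DNS-based filter
    # never sees a lookup for the real destination either.
    host = raw.decode("ascii") if atyp == 0x03 else str(ipaddress.ip_address(raw))
    return cmd, host, port


def build_connect(host: str, port: int) -> bytes:
    """Build a constructed SOCKS5 CONNECT request carrying a domain name."""
    name = host.encode("ascii")
    return bytes([5, 1, 0, 3, len(name)]) + name + struct.pack("!H", port)


if __name__ == "__main__":
    payload = build_connect("example.com", 443)
    print("packet filter sees:", FIREWALL_VIEW)
    print("SOCKS payload says:", parse_socks5_request(payload))
```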