hi vitex,
your script via-ssh combined with redsocks and pdnsd is a great piece of work!!!
i heavily tested it and it's now one of my favorite tools...
it's so easy to use and it's much more comfortable than other solutions i tried,
thank you, for your coding and that you share this script with us.
i hope many people will notice the impact of this script and will enhance their security in open networks that can be so easily suspicious environments...
i used your script with pdnsd and i can confirm that browsing is much faster than over tsocks or a manually established tunnel over >ssh -D 12345 host<...
i like to watch the log over >sudo /usr/local/etc/init.d/pdnsd start -mto -g<, cause it's so unbelievable what different communication partners are used just while establishing one single connection.
sometimes there are domains that i usually ban, but over dns-request, they get involved over a kind of officially used backdoor called dns...
you could do us a great favor:
do you see there a chance to include pdnsd in your script?
i think it would be a great and useful enhancement, e.g. used as an option for the via-ssh command to load pdnsd,
to start the daemon during the use of via-ssh and to stop it after the use of via-ssh...
(a nice candy could be a further option to open a log-terminal, that shows the communication established by pdnsd)
Another vulnerability is executing a program that communicates with the outside world using some protocol other than TCP; traffic from such a program would not be protected by the proxy. The torsocks developers block all UDP traffic to protect against such a program. If there is any demand, I could add an option to do the same with an iptables rule.
i don't know these basics entirely, but is it perhaps possible to route or to nat UDP over the ssh-tunnel-host?
does it make sense or is it even possible?
to block all UDP is perhaps only one solution...
but i'm not sure what further consequences this block will cause...
otherwise it would be great, if you could just add such an iptables rule.
you did such a clear and easy to read coding that it would be great, if you could incorporate these few ideas.
thank you for your help.