I'm trying to block everything in outbound except tor with iptables. But without enabling icmp tor doesn't work, it's very strange since tor don't use icmp as my understanding. That's what I'm using right now:
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
That's all I have enabled in outbound. The default policy is DROP. If I remove icmp tor will stop working, otherwise everything works fine. I just want to understand why icmp is needed or if I'm doing something wrong.
P.S. I don't want to use a trasparent proxy if not needed.