How to create a firewall rule that let's tor out safely?

[grimelog]

I have a Qubes system, which routes all internet traffic through whonix and tor to maintain privacy. Only problem is it's causing issues getting out of my firewall. How do I need to setup the firewall to let tor and whonix out, while not compromising the security of my firewall in the process?

[lilsense]

did you google it?

https://docs.opnsense.org/manual/how-tos/tor.html

[grimelog]

Yes, I did google it. I'm not looking for a plugin for running a node. I just want the firewall to let tor through with a rule. I'm also routing the traffic from Qubes through a Whonix VM. This way if my network gets compromised my PC is less likely to be compromised.

A plugin seems heavy handed for my use case. I want to understand more about routing through the firewall. I'd rather just setup a custom rule, as it seems more secure than adding a plugin with a ton of additional code.

[lilsense]

i's probably suricata or IPS set up that's blocking it...

[grimelog]

Seems to have been an issue with the DNS nameserver, and Qubes needing manual settings. Configured the LAN to use Unbound, and it seems to have fixed everything.