[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
-----BEGIN PGP SIGNED MESSAGE-----
Well, right now I'm operating in paranoia mode: one of the servers I maintain
was hacked, and the crew that setup shop included a whole batch of bots. Just
trying to hinder them, if it ever happens again.
- -----Original Message-----
From: owner-or-talk@xxxxxxxxxxxxx [mailto:owner-or-talk@xxxxxxxxxxxxx] On
Behalf Of Roger Dingledine
Sent: December 11, 2004 11:27
Subject: Re: Firewall?
On Fri, Dec 10, 2004 at 10:09:50PM -0500, Michael Laccetti wrote:
> Recently had to install a firewall on the server. Was wondering what
> ports I should open incoming/outgoing? I'm looking at the directory
> of servers, and see that my server has 3 ports listed beside it (9001,
> 9050, 9030), and a bit below has a bunch of accept/reject statements.
> Are the first 3 incoming, and
> the rest outgoing?
Also, you should permit outgoing to 80, 443, and 9001-9033, even if you set
your exit policy to reject them, since your server will want to use those to
connect to directory servers and other ORs.
> If so, can I modify the outgoing? I can open a variety of ports, but
> I don't want to open too many.
You can modify it -- check out the 'ExitPolicy' section of
But I should ask: why do you not want to open "too many"? I can understand
blocking incoming connections, if you have users who don't understand security
and keep running programs in vulnerable configurations. But what are you
protecting against by blocking outgoing connections?
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
-----END PGP SIGNATURE-----