On Thu, 10 Jul 2014 19:48:06 -0700 "Greg Moss" <gmoss82@xxxxxxxxx> wrote: > Thanks for the help. I have my ORport and DIRport defined in torrc and > forwarded through the firewall up to the Tor Relay. I was just wondering in > regards to outbound traffic from the server itself. In the event it gets > compromised I really hate to open all ports outbound let alone possible DNS > leaks and what not. Appoligize if this doesn't make since I just fired this > thing up yesterday and want to make sure it is secure. You do need to have all ports open outbound. The reason is, your relay needs to be able to connect to all other relays, and people run their relays on all sorts of weird ports. However one thing to consider would be to restrict outbound port 22 and port 53 outbound to not get into trouble with your provider due to suspicions of SSH bruteforcing / DNS reflection attacks. This will break a very small portion of circuits built via your relay, but hopefully solve more potential problems than this would cause. -- With respect, Roman
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays