[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] What is iptables?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] What is iptables?
From: I <beatthebastards@xxxxxxxxx>
Date: Wed, 6 Nov 2013 11:11:21 -0800
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 06 Nov 2013 14:11:15 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; q=dns/txt; d=inbox.com; s=s1; h=mime-version:date:message-id:subject:from:to:content-type; bh=E1uODzW8zIJ7Y8GoKeymnpku21m/IFt2T+q6HKuFTsk=; b=ibilylZsvwlKgXSOHshVuaeMA6kpul0dvqAlRRp8rCX+FEV11FmV2VBnMfH056HCbd4X XbCHoTiZpUDtJBM8uP2O0tdKq1UJP/lV+x320fW+uTLl5uuZTNm/l2IeVrVgs2CYznPCK2 kBkBlXzifBiJBzml7aRt3kV0srvK/2N6c=
Domainkey-signature: q=dns; a=rsa-sha1; c=nofws; d=inbox.com; s=s1; h=mime-version:date:message-id:from:subject:to:content-type; b=fDUn+kj8cJYnEmJOEgD3wv+XN+gkDgw95gU7NAI/I9zb7AoHMvPFxZ7G/r1rACvPb89f wtF2jBYhcCaoBNDNBm+2INB/5DYVIT0YAssJRiEEk2IceFBKjlqfz189z2GB6ld7IuXPAg wQjg8R0MO3JyYpa+rOlmGOlJtqSRUpwuY=
In-reply-to: <20131106115119.6c77b0f9@xxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <cagt8d4pjxzstzcn9qpcpymwixoz2c3xbzplheohhncvzlonz+a@xxxxxxxxxxxxxx> <cagt8d4nfmw_ftqabczt_fs28v6vt7awv+1t0xwvsfgs5rmv0dq@xxxxxxxxxxxxxx> <2826286.sjnxgmfdgd@vostok> <843a2724182.00000709beatthebastards@xxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Mick! 

Thank you. Iptables is a programme!
I'm off and reading. It appears I need them on my VPSs.

Robert 


>> Ip tables are a mystery to me.
>> Can someone either explain them or point to a complete explanation,
>> please?
>> 
>> Robert
>> 
>> "Also, use iptables! If it is a dedicated VPS then drop anything you
>> dont recognize, "leaving only Tor ports (9001,9030 default) and maybe
>> a service port like 22 for SSH for "something. Port 9050 should not
>> be visible from outside..."
> 
> Robert
> 
> The linux kernel ships with a default network packet processing
> subsystem called netfilter (see http://www.netfilter.org/ for a
> description of the system). iptables is the mechanism by which you can
> define rules to apply to packet filtering in that system. Most people
> use iptables to set up default firewall rulesets allowing inbound
> traffic only to certain services and denying all others.
> 
> For example, on a webserver you might wish to allow in only
> traffic aimed at ports 80 and, if you are running SSL/TLS, 443.
> (Of course if that webserver is running remotely you almost certainly
> need to allow in traffic to the ssh port to permit remote
> administration).
> 
> This is not strictly on-topic for the tor list so you might care to
> spend some time perusing the netfilter web page and its related
> resources (FAQs, lists etc). Short term  and if it helps you, I wrote
> some recommended iptables configuration scripts a while ago. See
> https://baldric.net/2012/09/09/iptables-firewall-for-servers/
> 
> Note, however, that whilst /I/ believe those configurations to be
> safe and useful, I would not recommend that you blindly trust my
> scripts without first understanding what they do. Netfilter is
> complex, and trusting some unknown third party (me) with your
> firewall configuration may not be the best idea in the world. :-)
> 
> Best
> 
> Mick
> 
> ---------------------------------------------------------------------
> 
>  Mick Morgan
>  gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
>  http://baldric.net
> 
> ---------------------------------------------------------------------

____________________________________________________________
GET FREE SMILEYS FOR YOUR IM & EMAIL - Learn more at http://www.inbox.com/smileys
Works with AIMÂ, MSNÂ Messenger, Yahoo!Â Messenger, ICQÂ, Google Talkâ and most webmails


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
  - From: mick

Prev by Author: Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
Next by Author: Re: [tor-relays] Checking a bridge
Previous by thread: Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
Next by thread: Re: [tor-relays] Traffic in port 9050 in a relay (denial of service attack?)
Index(es):
- Author
- Thread