[tor-relays] Firewall rules as a "replacement" for MyFamily on a bridge?



Hi,

I have been running 2 middle relays for a while and now fired up
an obfs4 bridge (in a relay-free AS no less ;) as well.

I've been thinking, as MyFamily is a no-no for bridges, how about
firewalling the bridge from my nodes? If I add rules on my bridge
that prevent it from connecting to my other relays and prevent
my other relays from connecting to it (using iptables' -j REJECT,
which results in a "connection refused", as if the TCP port was
closed), it would be technically impossible for my bridge to
inadvertently build a circuit through one of my other relays.
(Well, it could of course still choose them as the second hop.)

Does this make any sense at all? Will this break stuff?

Thanks!

Best,
Marco
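
The two-way blocking described in the message above, written out as an added example (not part of the original post and not Tor project tooling). The relay addresses are constructed documentation addresses, `gen_rules` is a hypothetical helper, and matching only `--syn` with `--reject-with tcp-reset` is a choice made here; the script prints the rules instead of applying them.

```shell
#!/bin/sh
# Added example: prints (does not apply) REJECT rules that keep a bridge and
# the operator's own relays from opening TCP connections to each other.
# Constructed placeholder addresses (RFC 5737 / RFC 3849 documentation ranges)
# standing in for the operator's middle relays.
MY_RELAYS="192.0.2.10 198.51.100.20 2001:db8::10"

# gen_rules ADDR...
# Emits one OUTPUT and one INPUT rule per relay address, to be run on the
# bridge host. IPv6 addresses get ip6tables, IPv4 addresses get iptables.
# --syn limits the match to new connection attempts; --reject-with tcp-reset
# answers with a TCP RST, which the connecting side sees as
# "connection refused", the same as a closed port.
gen_rules() {
    for addr in "$@"; do
        case "$addr" in
            *:*)     ipt=ip6tables ;;   # contains a colon: IPv6
            *.*.*.*) ipt=iptables ;;    # dotted quad: IPv4
            *)       echo "skipping unrecognised address: $addr" >&2
                     continue ;;
        esac
        # The bridge must not open connections to this relay.
        echo "$ipt -I OUTPUT -p tcp --syn -d $addr -j REJECT --reject-with tcp-reset"
        # This relay must not open connections to the bridge.
        echo "$ipt -I INPUT -p tcp --syn -s $addr -j REJECT --reject-with tcp-reset"
    done
}

# Review the printed rules before piping them to a root shell.
gen_rules $MY_RELAYS
```

The rules cover every TCP port between the hosts; adding `--dport` with the relay's ORPort to the OUTPUT rule narrows it to Tor traffic only.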