[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
From: Tim Wilson-Brown - teor <teor2345@xxxxxxxxx>
Date: Thu, 28 Apr 2016 19:28:36 +1000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 28 Apr 2016 05:28:53 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:subject:from:in-reply-to:date:message-id:references:to; bh=AwJu3WYn6m4lKTl41QUpo5+wkfvN7Nfuu/D7Er5YeJg=; b=yEYXkuXHCkhivUrOVjpBNiAa/MRrDm1RmvDO1fpTtoO/EGCsqrHlrNS/6dO+DpmU7K XDl6JHj5qX9dMT1PNNHzMzgjjCmsadO5+l4KugrtqPqSMS4z5LkOAhYhJPK+ScPHKi7T q5e9rBHaBVAZ4ihagGdUMV6VeguOYwWPp2NkSNQEyizLkY/+EZxOS4WuJSDAr4Ibm++C cgg2szp9ukopY981WOXbCUwtz5ZnWSDJZhiXR7NKk8at+RICvur9sv4V9HDg0F8xQtj2 DRq7Af3nAOeijkbA+MLA3RJn7YE8M1BV+5Eayred6m6vElZblP6BnSGotmUmGyKzDzWD 3rOA==
In-reply-to: <5721D562.6050507@xxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5721C814.7010401@xxxxxx> <5956C3BC-305C-473C-86DC-3ACA500C446E@xxxxxxxxx> <5721D562.6050507@xxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

> On 28 Apr 2016, at 19:18, Toralf FÃrster <toralf.foerster@xxxxxx> wrote:
> 
> Signed PGP part
> On 04/28/2016 11:14 AM, Tim Wilson-Brown - teor wrote:
> > Ports in, or ports out?
> Ports in I meant, sry.
> 
> > Closing inbound ports is a security precaution
> The question is - if there's no program listening on that port, does filtering that in-port has any effect ?

Normally, when there is a connection attempt to a closed port, your OS will reply and let the other end know the port is closed.
With iptables, you can blackhole (drop) these requests instead.
Or you can log them.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
  - From: Dr Gerard Bulger

References:
- [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
  - From: Toralf FÃrster
- Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
  - From: Tim Wilson-Brown - teor
- Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
  - From: Toralf FÃrster

Prev by Author: Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
Next by Author: Re: [tor-relays] Announcing a shutdown of a relay
Previous by thread: Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
Next by thread: Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
Index(es):
- Author
- Thread