[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firewall?

On Fri, Dec 10, 2004 at 10:09:50PM -0500, Michael Laccetti wrote:
> Recently had to install a firewall on the server.  Was wondering what ports I
> should open incoming/outgoing?  I'm looking at the directory of servers, and
> see that my server has 3 ports listed beside it (9001, 9050, 9030), and a bit
> below has a bunch of accept/reject statements.  Are the first 3 incoming, and


> the rest outgoing?


Also, you should permit outgoing to 80, 443, and 9001-9033, even if you
set your exit policy to reject them, since your server will want to use
those to connect to directory servers and other ORs.

>  If so, can I modify the outgoing?  I can open a variety of
> ports, but I don't want to open too many.

You can modify it -- check out the 'ExitPolicy' section of

But I should ask: why do you not want to open "too many"? I can understand
blocking incoming connections, if you have users who don't understand
security and keep running programs in vulnerable configurations. But
what are you protecting against by blocking outgoing connections?