[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Firewall?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Firewall?
From: Roger Dingledine <arma@xxxxxxx>
Date: Sat, 11 Dec 2004 11:26:49 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Sat, 11 Dec 2004 11:27:13 -0500
In-reply-to: <20041211031004.1418133C25@moria.seul.org>; from michael@s2g-limited.com on Fri, Dec 10, 2004 at 10:09:50PM -0500
References: <20041211031004.1418133C25@moria.seul.org>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.2.5.1i

On Fri, Dec 10, 2004 at 10:09:50PM -0500, Michael Laccetti wrote:
> Recently had to install a firewall on the server.  Was wondering what ports I
> should open incoming/outgoing?  I'm looking at the directory of servers, and
> see that my server has 3 ports listed beside it (9001, 9050, 9030), and a bit
> below has a bunch of accept/reject statements.  Are the first 3 incoming, and

Yes.

> the rest outgoing?

Yes.

Also, you should permit outgoing to 80, 443, and 9001-9033, even if you
set your exit policy to reject them, since your server will want to use
those to connect to directory servers and other ORs.

>  If so, can I modify the outgoing?  I can open a variety of
> ports, but I don't want to open too many.

You can modify it -- check out the 'ExitPolicy' section of
"src/config/torrc.sample.in".

But I should ask: why do you not want to open "too many"? I can understand
blocking incoming connections, if you have users who don't understand
security and keep running programs in vulnerable configurations. But
what are you protecting against by blocking outgoing connections?

--Roger

Follow-Ups:
- RE: Firewall?
  - From: Michael Laccetti

References:
- Firewall?
  - From: Michael Laccetti

Prev by Author: (FWD) Re: BitTorrent - can it be blocked?
Next by Author: Tor 0.0.9 is imminent
Previous by thread: Firewall?
Next by thread: RE: Firewall?
Index(es):
- Author
- Thread