RE: Firewall?

Well, right now I'm operating in paranoia mode:  one of the servers I maintain
was hacked, and the crew that set up shop included a whole batch of bots.  Just
trying to hinder them, if it ever happens again. 

On Fri, Dec 10, 2004 at 10:09:50PM -0500, Michael Laccetti wrote:
> Recently had to install a firewall on the server.  Was wondering what 
> ports I should open incoming/outgoing?  I'm looking at the directory 
> of servers, and see that my server has 3 ports listed beside it (9001, 
> 9050, 9030), and a bit below has a bunch of accept/reject statements.  
> Are the first 3 incoming, and the rest outgoing?


Also, you should permit outgoing to 80, 443, and 9001-9033, even if you set
your exit policy to reject them, since your server will want to use those to
connect to directory servers and other ORs.

>  If so, can I modify the outgoing?  I can open a variety of ports, but 
> I don't want to open too many.

You can modify it -- check out the 'ExitPolicy' section of

But I should ask: why do you not want to open "too many"? I can understand
blocking incoming connections, if you have users who don't understand security
and keep running programs in vulnerable configurations. But what are you
protecting against by blocking outgoing connections?

--Roger
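
An added example, not part of the original thread: a Python check that reads `iptables -S OUTPUT` output and lists which of the outbound TCP ports named above (80, 443, 9001-9033) the OUTPUT chain would still block. The sample rules are constructed, and the sketch assumes only simple destination-port rules matter; rules narrowed by address, interface, or state are ignored.

```python
import re

# Outbound TCP ports the thread says a Tor server needs: 80, 443, 9001-9033.
REQUIRED = {80, 443} | set(range(9001, 9034))

# Constructed sample of `iptables -S OUTPUT` output (not from the thread).
SAMPLE_RULES = """\
-P OUTPUT DROP
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
-A OUTPUT -p tcp -m tcp --dport 9001:9030 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
"""

def _expand(spec):
    """Turn '80,443' or '9001:9030' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def blocked_required_ports(rules_text, required=REQUIRED):
    """Return the sorted required ports that the OUTPUT chain does not accept."""
    policy, verdict = "ACCEPT", {}
    for line in rules_text.splitlines():
        tok = line.split()
        if tok[:2] == ["-P", "OUTPUT"]:
            policy = tok[2]          # chain default when no rule matches
            continue
        if tok[:2] != ["-A", "OUTPUT"] or "-j" not in tok:
            continue
        target = tok[tok.index("-j") + 1]
        if target not in ("ACCEPT", "DROP", "REJECT"):
            continue                 # jumps to other chains are not followed
        head = tok[2:tok.index("-j")]
        m = re.search(r"--dports? (\S+)", line)
        extra = set(head) - {"-p", "tcp", "-m", "multiport", "--dport", "--dports"}
        if m:
            extra.discard(m.group(1))
        if extra:
            continue                 # narrowed by address, interface, state, udp, or '!'
        ports = _expand(m.group(1)) if m else set(required)
        for p in ports & required:
            verdict.setdefault(p, target)   # first matching rule wins
    return sorted(p for p in required if verdict.get(p, policy) != "ACCEPT")

if __name__ == "__main__":
    print("still blocked:", blocked_required_ports(SAMPLE_RULES))
```
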

