
Re: [tor-talk] Tor and iptables.



You always need to allow some input as well in order for the Tor guard node to 
talk to your computer. Stateful Inspection is used for this. Here's a complete 
ruleset to accomplish what you asked for. All output is allowed, but no input, 
except when it belongs to some output your computer previously did.

# Stateful inspection for input and output
iptables -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHED

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Reject any other input
iptables -A INPUT -j REJECT

# Accept all output
iptables -A OUTPUT -j ACCEPT

Note that you also want to account for IPv6 using ip6tables. It depends on your 
network though.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
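
The ruleset in the message above, walked through as an added example (not part of the original post): a simplified Python model of first-match rule evaluation with a toy connection tracker, showing why the guard's replies get in while unsolicited input is rejected. The addresses, ports and the Packet/Firewall names are constructed for illustration, and the RELATED state is not modelled.

```python
# Simplified model of the posted ruleset (constructed example, not kernel code).
# RELATED is not modelled; addresses are documentation-range placeholders.
from typing import NamedTuple

class Packet(NamedTuple):
    chain: str   # "INPUT" or "OUTPUT"
    iface: str
    proto: str
    src: tuple   # (ip, port)
    dst: tuple

# The posted rules, in order: (chain, match(packet, state), target)
RULES = [
    ("INPUT",  lambda p, s: s == "ESTABLISHED", "ACCEPT"),
    ("OUTPUT", lambda p, s: s == "ESTABLISHED", "ACCEPT"),
    ("INPUT",  lambda p, s: p.iface == "lo",    "ACCEPT"),
    ("INPUT",  lambda p, s: True,               "REJECT"),
    ("OUTPUT", lambda p, s: True,               "ACCEPT"),
]

class Firewall:
    def __init__(self):
        self.flows = {}  # original-direction tuple -> reply seen? (toy conntrack)

    def handle(self, p):
        fwd, rev = (p.proto, p.src, p.dst), (p.proto, p.dst, p.src)
        is_reply = rev in self.flows
        key = rev if is_reply else fwd
        state = "ESTABLISHED" if is_reply or self.flows.get(fwd) else "NEW"
        # First matching rule in the packet's chain wins; chain policy is ACCEPT.
        target = next((t for c, m, t in RULES if c == p.chain and m(p, state)), "ACCEPT")
        if target == "ACCEPT":  # only accepted packets create or update a flow
            self.flows[key] = self.flows.get(key, False) or is_reply
        return state, target

def demo():
    me, guard, stranger = ("192.0.2.10", 40000), ("198.51.100.7", 9001), ("203.0.113.5", 51000)
    fw = Firewall()
    return [
        fw.handle(Packet("OUTPUT", "eth0", "tcp", me, guard)),   # connect to guard
        fw.handle(Packet("INPUT", "eth0", "tcp", guard, me)),    # guard's reply
        fw.handle(Packet("INPUT", "eth0", "tcp", stranger, ("192.0.2.10", 22))),  # unsolicited
        fw.handle(Packet("INPUT", "lo", "tcp", ("127.0.0.1", 41000), ("127.0.0.1", 9050))),
        fw.handle(Packet("OUTPUT", "eth0", "tcp", me, guard)),   # later outbound data
    ]

if __name__ == "__main__":
    for state, target in demo():
        print(state, target)
```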