Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
Thanks +++
Simple really
-----Original Message-----
From: tor-relays [mailto:tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx] On Behalf Of Daniel Llewellyn
Sent: 28 April 2016 15:35
To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] does it make sense to close unused ports at a tor relay with iptables ?
On 28/04/16 14:33, Dr Gerard Bulger wrote:
> Currently the rules are thus:
> -A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
> Which opens up those TOR ports on BOTH my IPs, not what I want (OK
> torrc is listening to the second IP, but that is fiddly to set up for
> each service)
>
> I want my normal ports to be open on 1st IP and shut on second IP.
To block per IP Address you can amend to use the following form:
-A INPUT -p tcp -m tcp -d <your tor IP> --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp -d <your tor IP> --dport 9051 -j ACCEPT
P.S. this email is not GnuPG signed because I'm having issues with enigmail, ubuntu, gpg-agent and yubikey
--
Daniel Llewellyn, Bowl Hat
PGP/GnuPG Key ID: 0x0349ED21
4C9C BFAD 0069 D679 9660 BCD5 40C2 D958 0349 ED21
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
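
A way to check a saved ruleset for the situation discussed in this thread, as an added example that is not part of the original messages: the function reads iptables-save style rules on stdin and lists INPUT ACCEPT rules for the given ports that have no -d match or that name a different address. The function name audit_tor_rules, the address 192.0.2.10 (standing in for <your tor IP>) and the sample rules are constructed for illustration; only single --dport matches, as in the messages above, are handled.

```shell
#!/bin/sh
# Constructed sample in iptables-save format. 192.0.2.10 is a documentation
# address used here in place of "<your tor IP>" (an assumption).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 9051 -j ACCEPT
-A INPUT -d 192.0.2.99/32 -p tcp -m tcp --dport 9030 -j ACCEPT
COMMIT'

# audit_tor_rules TOR_IP PORTS   (rules on stdin, PORTS comma-separated)
# Prints one line per INPUT ACCEPT rule for a listed port that is either not
# restricted to a destination address (UNPINNED) or restricted to something
# other than TOR_IP, including a negated "! -d" match (OTHER-DST).
audit_tor_rules() {
    awk -v ip="$1" -v ports="$2" '
    BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
    $1 == "-A" && $2 == "INPUT" {
        dst = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d" || $i == "--destination")
                dst = ($(i - 1) == "!" ? "!" : "") $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        if (target != "ACCEPT" || !(port in want)) next
        sub(/\/32$/, "", dst)   # iptables-save writes single hosts as a.b.c.d/32
        if (dst == "") print "UNPINNED port " port ": " $0
        else if (dst != ip) print "OTHER-DST port " port ": " $0
    }'
}

# Audit the constructed sample against the intended Tor address.
printf '%s\n' "$SAMPLE_RULES" | audit_tor_rules 192.0.2.10 9030,9051
```

On a live host the same function can be fed the output of iptables-save instead of the sample.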