My iptables:
# IPv4 filter rules. All three built-in chains default to DROP, so only
# traffic matched by one of the ACCEPT rules below gets through.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT # accept everything arriving on the loopback interface
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT # SSH running there
# NOTE(review): SSH is accepted from any source address and with no rate limit.
# If the admin addresses are known, confirm whether a source restriction (-s) fits here.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # allow incoming comm to ORPort
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # allow incoming comm to DIRPort
# NOTE(review): the 443 and 80 rules match no conntrack state, so they accept
# any TCP packet to those ports, including ones conntrack would mark INVALID.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow packets that belong or relate to already tracked connections (e.g. replies to outgoing connections)
-A OUTPUT -o lo -j ACCEPT # allow outgoing traffic on the loopback interface
# With the next rule the OUTPUT DROP policy only takes effect on interfaces other
# than lo and eth0; nothing leaving via eth0 is filtered.
-A OUTPUT -o eth0 -j ACCEPT # allow all outgoing connections
My ip6tables:
# IPv6 filter rules. Same default-DROP policy and TCP rules as the IPv4 set,
# plus two user-defined chains that allow-list ICMPv6 by type.
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N ICMPv6_IN
-N ICMPv6_OUT
-A INPUT -i lo -j ACCEPT # accept everything arriving on the loopback interface
-A INPUT -p tcp -m conntrack --ctstate NEW,ESTABLISHED -m tcp --dport 22 -j ACCEPT # SSH running there
# NOTE(review): SSH is accepted from any source address and with no rate limit.
# If the admin addresses are known, confirm whether a source restriction (-s) fits here.
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # allow incoming comm to ORPort
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # allow incoming comm to DIRPort
# The ICMPv6 jump sits before the RELATED,ESTABLISHED rule and ICMPv6_IN ends in
# DROP, so any ICMPv6 type not listed in that chain is dropped even when conntrack
# would have classified it as RELATED.
-A INPUT -p ipv6-icmp -j ICMPv6_IN # pass all ICMPv6 traffic to the new chain
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # allow packets that belong or relate to already tracked connections (e.g. replies to outgoing connections)
-A OUTPUT -o lo -j ACCEPT # allow outgoing traffic on the loopback interface
# This jump precedes the eth0 ACCEPT, so outgoing ICMPv6 is the only eth0 traffic
# that is filtered.
-A OUTPUT -p ipv6-icmp -j ICMPv6_OUT # pass all ICMPv6 traffic to the new chain
-A OUTPUT -o eth0 -j ACCEPT # allow all outgoing connections
# ICMPv6_IN: inbound allow-list; everything else falls through to the final DROP.
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 1 -j ACCEPT # Destination Unreachable
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 2 -j ACCEPT # Packet Too Big (needed for path MTU discovery)
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 3 -j ACCEPT # Time Exceeded
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 4 -j ACCEPT # Parameter Problem
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT # Echo Request
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT # Echo Reply
# NOTE(review): the Neighbor Discovery types 133-136 are accepted without a
# hop-limit match; RFC 4890 suggests accepting them only with hop limit 255
# (e.g. -m hl --hl-eq 255) so off-link senders cannot reach them. Confirm.
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT # Router Solicitation
# NOTE(review): inbound Router Advertisements are only needed if this host
# autoconfigures its address/route from them; confirm, otherwise consider dropping.
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT # Router Advertisement
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT # Neighbor Solicitation
-A ICMPv6_IN -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT # Neighbor Advertisement
-A ICMPv6_IN -j DROP
# ICMPv6_OUT: outbound allow-list; everything else falls through to the final DROP.
# NOTE(review): unlike ICMPv6_IN, the error types 1-4 are not listed here, so this
# host cannot send ICMPv6 error messages. MLD (types 130-132, 143) is listed in
# neither chain; RFC 4890 advises against dropping link-local MLD. Confirm that
# the local network does not depend on it (e.g. MLD-snooping switches).
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 128 -j ACCEPT # Echo Request
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 129 -j ACCEPT # Echo Reply
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 133 -j ACCEPT # Router Solicitation
# NOTE(review): a host that is not a router has no reason to send Router
# Advertisements; confirm whether this outbound rule is intended.
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 134 -j ACCEPT # Router Advertisement
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 135 -j ACCEPT # Neighbor Solicitation
-A ICMPv6_OUT -p ipv6-icmp -m icmp6 --icmpv6-type 136 -j ACCEPT # Neighbor Advertisement
-A ICMPv6_OUT -j DROP