
Re: [tor-relays] Relay usage dropped 9x when enabling UFW. What UFW rules do other relay operators enact?



On Tuesday, 18 June 2024 18:53:07 CEST admin--- via tor-relays wrote:

I have never used a frontend for IP/nftables. I have no idea what the scripts produce and whether they are correct.
The beauty of UNIX/Linux is the human-readable config text files that you can comment on as you wish.

> Here are my tor-related UFW rules;
>      To                         Action      From
>      --                         ------      ----
> [ 3] 9001                       ALLOW IN    Anywhere
> [11] 9001 (v6)                  ALLOW IN    Anywhere (v6)
> 
> I'm really confused how UFW firewalled most, but not all, of my relay's
> traffic. What UFW rules do other relay operators enact?
Maybe you could post your entire FW ruleset. (Use pastebin)

First, no output filters: :OUTPUT ACCEPT

Here are default IP/nftables rules for Tor relays:
https://github.com/boldsuck/tor-relay-bootstrap/tree/master/etc/iptables
https://github.com/boldsuck/tor-relay-bootstrap/blob/master/etc/nftables.conf

Here are my current nftables on my Frantech Exits:
https://paste.systemli.org/?052a70208b22aebe#4b8qoJU9MrPgopfhm9HPxARTwXmWVkwBP5XrVFMKqfgD

You don't need to set up dynamic DDoS policies there. Francisco already does that on his Junipers.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
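The reply above recommends a plain, human-readable nftables file with no output filtering (policy accept on the output chain) and only the ORPort opened inbound. Below is an added illustration of such a minimal relay ruleset; it is not the ruleset linked in the message, not the poster's configuration, and not taken from the tor-relay-bootstrap repository. It assumes ORPort 9001 on both IPv4 and IPv6 (matching the quoted UFW rules) and that SSH is reachable on port 22; adjust both to the actual relay.

```nft
#!/usr/sbin/nft -f
# Added example (assumed ORPort 9001, SSH on 22), not the page's own file.
flush ruleset

table inet filter {
    chain input {
        # Default deny inbound; everything the relay needs is allowed below.
        type filter hook input priority filter; policy drop;

        # Loopback is used by tor's control/SOCKS ports and local tooling.
        iif "lo" accept

        # Return traffic for connections the relay itself opened (to other
        # relays, directory authorities, DNS). Without this line an inbound
        # drop policy silently breaks most outbound circuits.
        ct state established,related accept
        ct state invalid drop

        # Path MTU discovery and neighbour discovery need ICMP/ICMPv6.
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept

        # Operator access (assumed port 22; restrict the source if possible).
        tcp dport 22 accept

        # Tor ORPort, reachable on both address families (assumed 9001).
        tcp dport 9001 accept
    }

    chain forward {
        # A relay does not route for other hosts.
        type filter hook forward priority filter; policy drop;
    }

    chain output {
        # No output filters, as the message recommends: tor must be able to
        # reach arbitrary ports on other relays and (for exits) the Internet.
        type filter hook output priority filter; policy accept;
    }
}
```

Check the file before loading it with `nft -c -f /etc/nftables.conf` (syntax check only) and confirm what is actually active with `nft list ruleset`; comparing that output with `ufw status verbose` is the quickest way to see which rules a frontend really generated.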


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays