[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] hardening a tor relay

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] hardening a tor relay
From: Paul Staroch <paulchen@xxxxxxxxxx>
Date: Thu, 22 May 2014 19:31:21 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 22 May 2014 13:28:08 -0400
In-reply-to: <1400718225.40138.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <1400718225.40138.YahooMailNeo@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0

Am 2014-05-22 02:23, schrieb Contra Band:
> # Allow incoming 9050
> iptables -A INPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow outgoing 9050
> iptables -A OUTPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow incoming 9051
> iptables -A INPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow outgoing 9051
> iptables -A OUTPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT

Do you actually need remote access to ports 9050 (Socks proxy) and 9051 (control port)? By default, Tor opens these ports on the loopback interface only.


Paul






_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] hardening a tor relay
  - From: Noilson Caio

References:
- [tor-relays] hardening a tor relay
  - From: Contra Band

Prev by Author: Re: [tor-relays] hardening a tor relay
Next by Author: Re: [tor-relays] Malicious or crappily configured exit node
Previous by thread: Re: [tor-relays] hardening a tor relay
Next by thread: Re: [tor-relays] hardening a tor relay
Index(es):
- Author
- Thread