
Re: [tor-relays] hardening a tor relay



>If you do lines like the above, your Tor relay will be unable to reach
>other Tor relays that chose port 80 or port 110 for their ORPort or
>their DirPort. (People choose those ports because some users are behind
>firewalls that only allow connections to those ports.)

Indeed. By personal choice, I have found it more convenient to exclude this traffic leaving my relay.
I'll make scripts that create rules with these output ports only for Tor relays.

Thanks a lot, Mr. Roger.




On Fri, May 23, 2014 at 7:30 PM, Roger Dingledine <arma@xxxxxxx> wrote:
On Fri, May 23, 2014 at 06:16:56PM -0300, Noilson Caio wrote:
> Block all output like http and smtp in my netfilter (Gnu Linux);
>
> -A OUTPUT -p tcp -m tcp --dport 80 -j DROP
> -A OUTPUT -p tcp -m tcp --dport 110 -j DROP
> etc ..

Relays need to allow connections to all outgoing ports.

If you do lines like the above, your Tor relay will be unable to reach
other Tor relays that chose port 80 or port 110 for their ORPort or
their DirPort. (People choose those ports because some users are behind
firewalls that only allow connections to those ports.)

https://www.torproject.org/docs/faq#OutboundPorts

--Roger

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays



--
Noilson Caio Teixeira de Araújo
https://ncaio.wordpress.com
https://br.linkedin.com/in/ncaio
https://twitter.com/noilsoncaio
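
One way to build the rules described in the reply above: ACCEPT outbound ports 80 and 110 only toward relays that advertise them, and keep the DROP for every other destination. This is an added example, not code from the thread; it assumes the input is the `r` lines of a Tor consensus (last three fields: IPv4 address, ORPort, DirPort), and the function names, relay names, digests and addresses are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): build iptables-restore lines that
# ACCEPT outbound tcp/80 and tcp/110 only toward relays advertising those
# ports, then keep the DROP for every other destination.
# Assumption: input is the "r" lines of a Tor consensus document, whose
# last three fields are IPv4 address, ORPort and DirPort.

relay_rules() {
    awk '
        $1 == "r" && NF >= 8 {
            ip = $(NF-2); orport = $(NF-1) + 0; dirport = $NF + 0
            # Ignore lines whose address field is not a dotted quad.
            if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
            if (orport == 80 || orport == 110)   allow[ip " " orport] = 1
            if (dirport == 80 || dirport == 110) allow[ip " " dirport] = 1
        }
        END {
            for (k in allow) {
                split(k, f, " ")
                printf "-A OUTPUT -d %s/32 -p tcp -m tcp --dport %d -j ACCEPT\n", f[1], f[2]
            }
        }
    ' | LC_ALL=C sort
    # ACCEPT lines come first; anything else on these ports is dropped.
    printf '%s\n' '-A OUTPUT -p tcp -m tcp --dport 80 -j DROP' \
                  '-A OUTPUT -p tcp -m tcp --dport 110 -j DROP'
}

# Constructed sample input (documentation address ranges, dummy digests).
sample_consensus() {
    cat <<'EOF'
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA BBBBBBBBBBBBBBBBBBBBBBBBBBB 2014-05-23 18:00:00 192.0.2.10 80 0
r relayB CCCCCCCCCCCCCCCCCCCCCCCCCCC DDDDDDDDDDDDDDDDDDDDDDDDDDD 2014-05-23 18:00:00 198.51.100.7 9001 110
r relayC EEEEEEEEEEEEEEEEEEEEEEEEEEE FFFFFFFFFFFFFFFFFFFFFFFFFFF 2014-05-23 18:00:00 203.0.113.5 443 9030
s Fast Running Valid
EOF
}

sample_consensus | relay_rules
```

The relay list changes with every new consensus, so the generated rules have to be rebuilt on the same schedule or the relay will lose reachability to newly listed relays on these ports.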
