[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] what ip,port combinations do Tor clients need?

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] what ip,port combinations do Tor clients need?
From: Martin Kepplinger <martink@xxxxxxxxx>
Date: Tue, 08 May 2018 16:45:58 +0200
Cc: tor-relays@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 08 May 2018 10:46:17 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=posteo.de; s=2017; t=1525790759; bh=Ed0czCzDiBtgMFTiK5p9ChggRYFlc+dFoUK0OAD2Ec0=; h=Date:From:To:Cc:Subject:From; b=XidAGkwyADR6o07P89ccy05+IOznDYniGpnhGV57MW8hWzCKoYn7bSJ8SpSy9dI4s BQjnWC6QEMKxHO3CxyEp6gt8qlxLzbPa1JBTnsvX888MWsIvDPzTc00K0pUSPPc5oO 5EUsS5m2NPQ9neR6O5RrdPfjR1KMUMYV5DEFQob5Mu9Pnru8djSgluVJxiIbH1RMvI RGhVEksdpr7lzexh/a3CLfbaeG3v4z/X2WnDg9hUXiVwSwXpyrIVoEjiws0xbvqos4 xkURZzpmICzDT5wfJ3RCmxHHXo8fHakKnqeaIQ8nM9N1H4IdwpTY08HaLmRCfA1m3m vxMcu/oU5JXnw==
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Posteo Webmail

Hi,

How does a usable ipset (hash:ip,port) look like, so that it is awhitelist forin/out tcp connections? *Everything* else from/to the outside world isassumed

to be dropped. (DNS too).

* dir auths from src/or/auth_dirs.inc
* fallback dirs from scripts/maint/fallback.whitelist
* current guard relays (parsed from a consensus file)

anything else?

Bonus question: how would you write this whitelist in iptables rules,assuming you

have the complete ipset?

thanks

                                martin

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] what ip,port combinations do Tor clients need?
  - From: Jonathan Marquardt

Prev by Author: Re: [tor-relays] what ip,port combinations do Tor clients need?
Next by Author: Re: [tor-relays] Unable to confirm my ORPort is reachable
Previous by thread: Re: [tor-relays] "NoAdvertise" needed for IPv6 DirPort ?
Next by thread: Re: [tor-relays] what ip,port combinations do Tor clients need?
Index(es):
- Author
- Thread