[tor-relays] What is iptables?
Mick!
Thank you. Iptables is a programme!
I'm off and reading. It appears I need them on my VPSs.
Robert
>> Ip tables are a mystery to me.
>> Can someone either explain them or point to a complete explanation,
>> please?
>>
>> Robert
>>
>> "Also, use iptables! If it is a dedicated VPS then drop anything you
>> don't recognize, leaving only Tor ports (9001,9030 default) and maybe
>> a service port like 22 for SSH for something. Port 9050 should not
>> be visible from outside..."
>
> Robert
>
> The Linux kernel ships with a default network packet processing
> subsystem called netfilter (see http://www.netfilter.org/ for a
> description of the system). iptables is the mechanism by which you can
> define rules to apply to packet filtering in that system. Most people
> use iptables to set up default firewall rulesets allowing inbound
> traffic only to certain services and denying all others.
>
> For example, on a webserver you might wish to allow in only
> traffic aimed at ports 80 and, if you are running SSL/TLS, 443.
> (Of course if that webserver is running remotely you almost certainly
> need to allow in traffic to the ssh port to permit remote
> administration).
>
> This is not strictly on-topic for the tor list so you might care to
> spend some time perusing the netfilter web page and its related
> resources (FAQs, lists etc). Short term and if it helps you, I wrote
> some recommended iptables configuration scripts a while ago. See
> https://baldric.net/2012/09/09/iptables-firewall-for-servers/
>
> Note, however, that whilst /I/ believe those configurations to be
> safe and useful, I would not recommend that you blindly trust my
> scripts without first understanding what they do. Netfilter is
> complex, and trusting some unknown third party (me) with your
> firewall configuration may not be the best idea in the world. :-)
>
> Best
>
> Mick
>
> ---------------------------------------------------------------------
>
> Mick Morgan
> gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
> http://baldric.net
>
> ---------------------------------------------------------------------
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
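
The default-deny policy described in the thread, written out as an added example (not code from either poster or from the linked scripts): a shell function that prints an IPv4 ruleset in iptables-restore format and applies nothing itself. The function name relay_ruleset and the port list 22, 9001, 9030 are assumptions taken from the ports quoted above.

```shell
#!/bin/sh
# Added example: print a default-deny IPv4 ruleset for a dedicated Tor relay.
# Assumed ports, as quoted in the thread: 9001 and 9030 for Tor, 22 for SSH.
# IPv6 is not covered; ip6tables needs its own ruleset.
# Check before loading:  sh this-script.sh | iptables-restore --test

relay_ruleset() {
    ports=${1:-"22 9001 9030"}   # space-separated inbound TCP ports to allow

    # Validate the whole list first so a bad entry never yields a partial ruleset.
    for p in $ports; do
        case $p in
            ''|*[!0-9]*|??????*) echo "not a valid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
        # The thread says 9050 should not be visible from outside: never open it.
        if [ "$p" -eq 9050 ]; then
            echo "refusing to expose port 9050" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'       # anything not matched below is dropped
    echo ':FORWARD DROP [0:0]'     # a relay host does not route for others
    echo ':OUTPUT ACCEPT [0:0]'    # the relay opens many outbound connections
    # Loopback stays open, so local clients can still reach 9050 on the host.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    # Replies to our own outbound traffic, plus related ICMP errors.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $ports; do
        echo "-A INPUT -p tcp -m tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Run as a script: print the ruleset for the given port list (or the default).
relay_ruleset "$@"
```

When testing on a remote VPS, keep an existing SSH session open until a fresh login succeeds, since a mistake in the SSH rule locks you out.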