
[tor-relays] What is iptables?



Mick! 

Thank you. Iptables is a programme!
I'm off and reading. It appears I need them on my VPSs.

Robert 


>> Ip tables are a mystery to me.
>> Can someone either explain them or point to a complete explanation,
>> please?
>> 
>> Robert
>> 
>> "Also, use iptables! If it is a dedicated VPS then drop anything you
>> don't recognize, leaving only Tor ports (9001,9030 default) and maybe
>> a service port like 22 for SSH for something. Port 9050 should not
>> be visible from outside..."
> 
> Robert
> 
> The Linux kernel ships with a default network packet processing
> subsystem called netfilter (see http://www.netfilter.org/ for a
> description of the system). iptables is the mechanism by which you can
> define rules to apply to packet filtering in that system. Most people
> use iptables to set up default firewall rulesets allowing inbound
> traffic only to certain services and denying all others.
> 
> For example, on a webserver you might wish to allow in only
> traffic aimed at ports 80 and, if you are running SSL/TLS, 443.
> (Of course if that webserver is running remotely you almost certainly
> need to allow in traffic to the ssh port to permit remote
> administration).
> 
> This is not strictly on-topic for the tor list so you might care to
> spend some time perusing the netfilter web page and its related
> resources (FAQs, lists etc). Short term, and if it helps you, I wrote
> some recommended iptables configuration scripts a while ago. See
> https://baldric.net/2012/09/09/iptables-firewall-for-servers/
> 
> Note, however, that whilst /I/ believe those configurations to be
> safe and useful, I would not recommend that you blindly trust my
> scripts without first understanding what they do. Netfilter is
> complex, and trusting some unknown third party (me) with your
> firewall configuration may not be the best idea in the world. :-)
> 
> Best
> 
> Mick
> 
> ---------------------------------------------------------------------
> 
>  Mick Morgan
>  gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
>  http://baldric.net
> 
> ---------------------------------------------------------------------



_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
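
The default-deny ruleset described in the thread (only SSH on 22 and the Tor ports 9001 and 9030 reachable, 9050 closed), written out as an added example that is not part of the original messages and is not taken from Mick's scripts. The function names `relay_ruleset` and `audit_ruleset` are hypothetical, and the rules assume the kernel's conntrack match is available.

```shell
#!/bin/sh
# Added example: default-deny inbound ruleset for a dedicated Tor relay VPS.
# Ports are the ones named in the thread: 22 (SSH), 9001 and 9030 (Tor).
# 9050 (the local SOCKS port) is deliberately absent, so it is dropped.
ALLOWED_TCP_PORTS="22 9001 9030"

# relay_ruleset: print the ruleset in iptables-restore format.
# Check it without loading:  relay_ruleset | iptables-restore --test
# On a host with IPv6, the same rules also need loading via ip6tables-restore.
relay_ruleset() {
    printf '%s\n' '*filter' \
        ':INPUT DROP [0:0]' \
        ':FORWARD DROP [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for port in $ALLOWED_TCP_PORTS; do
        printf '%s\n' "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    printf '%s\n' 'COMMIT'
}

# audit_ruleset: read iptables-save style text on stdin and fail unless the
# INPUT policy is DROP and every accepted --dport is in the allow-list.
# Narrow on purpose: it does not parse multiport (--dports) rules or flag
# ACCEPT rules that carry no port match at all.
audit_ruleset() {
    awk -v allowed="$ALLOWED_TCP_PORTS" '
        BEGIN { bad = 0; n = split(allowed, a, " ")
                for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^:INPUT / { policy = $2 }
        /^-A INPUT / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && !($(i+1) in ok)) {
                    print "unexpected open port: " $(i+1); bad = 1
                }
        }
        END {
            if (policy != "DROP") { print "INPUT policy is not DROP"; bad = 1 }
            exit bad
        }'
}
```

To audit the rules currently loaded on a relay, run `iptables-save | audit_ruleset` as root after sourcing the file.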