<div dir="ltr">Sorry, also your /etc/shorewall/policy file should read:<div><br></div><div><div>net             all             DROP            notice</div><div># The FOLLOWING POLICY MUST BE LAST</div><div>all             all             REJECT          notice</div>
</div><div><br></div><div>to allow for whitelisting in rules file.</div><div><br></div><div>Regards,</div><div>T</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On 3 October 2013 21:03, Thomas Hand <span dir="ltr"><<a href="mailto:th6045@gmail.com" target="_blank">th6045@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi Jan,<div><br></div><div>Here is an example config for shorewall, pulled it straight off a relay I run.</div>
<div><br></div><div><div>#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP</div>
<div>SECTION NEW</div><div><br></div><div># Drop Ping from the "bad" net zone.. and prevent your log from being flooded..</div><div><br></div><div>#Ping(ACCEPT)   net             $FW</div><div>Ping(DROP)      net             $FW</div>

<div>ACCEPT          net             $FW             tcp     9001    #tor</div><div>ACCEPT         net             $FW             tcp     9030    #tor-dir</div><div>#ACCEPT          net             $FW             tcp     22      #ssh/dropbear</div>

<div>ACCEPT          net             $FW             tcp     80      #apache</div><div>#ACCEPT         net             $FW             tcp     443     #ssl apache</div><div><br></div><div># Permit all ICMP traffic FROM the firewall TO the net zone</div>

<div>ACCEPT          $FW             net             icmp</div></div><div><br></div><div><br></div><div>Paste that into your /etc/shorewall/rules file, uncomment lines as needed and then 'service shorewall restart'</div>

<div><br></div><div>Regards</div><span class="HOEnZb"><font color="#888888"><div>T</div></font></span><div><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On 2 October 2013 20:34, Jan Hendrik den Besten <span dir="ltr"><<a href="mailto:tor@janhendrik.eu" target="_blank">tor@janhendrik.eu</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
I installed tor a few days ago. It only runs fine if I stop my shorewall<br>
firewall. I found here some online help:<br>
<br>
<a href="https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ" target="_blank">https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ</a><br>
<br>
However, the shorewall-rules example given there doesn't work. It's<br>
mentioned the example is for shorewall v2.2.3 whereas the current version<br>
is v4.5.16.1.<br>
<br>
Does anyone have a latest example of the /etc/shorewall/rules file?<br>
<br>
thanks, Jan Hendrik<br>
--<br>
_______________________________________________<br>
tor-relays mailing list<br>
<a href="mailto:tor-relays@lists.torproject.org" target="_blank">tor-relays@lists.torproject.org</a><br>
<a href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays" target="_blank">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a><br>
</blockquote></div><br></div></div></div></div>
</blockquote></div><br></div>
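<div>How the rules and policy files quoted in this thread combine, as an added example that is not part of the original messages and is not Shorewall's own code. It is a simplified model (first matching rule, otherwise first matching policy) and assumes the policy file holds only the lines shown above; the names active_lines, parse_rules and decide are hypothetical.</div>

```python
# Added example: simplified model of Shorewall's "rules first, then policy" lookup.
# RULES and POLICY are copied from the thread; the evaluator is an illustration only.
RULES = """
SECTION NEW
#Ping(ACCEPT)   net             $FW
Ping(DROP)      net             $FW
ACCEPT          net             $FW             tcp     9001    #tor
ACCEPT          net             $FW             tcp     9030    #tor-dir
#ACCEPT         net             $FW             tcp     22      #ssh/dropbear
ACCEPT          net             $FW             tcp     80      #apache
#ACCEPT         net             $FW             tcp     443     #ssl apache
ACCEPT          $FW             net             icmp
"""
POLICY = """
net             all             DROP            notice
# The FOLLOWING POLICY MUST BE LAST
all             all             REJECT          notice
"""

def active_lines(text):
    """Yield the whitespace-split columns of each uncommented line."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()   # drop inline and full-line comments
        if cols and cols[0] != "SECTION":
            yield cols

def parse_rules(text):
    """Return (action, source, dest, proto, port) tuples in file order."""
    rules = []
    for cols in active_lines(text):
        action, src, dst = cols[0], cols[1], cols[2]
        proto = cols[3] if len(cols) > 3 else None
        port = cols[4] if len(cols) > 4 else None
        if action.startswith("Ping("):          # Ping macro: ICMP echo-request (type 8)
            action, proto, port = action[5:-1], "icmp", "8"
        rules.append((action, src, dst, proto, port))
    return rules

def decide(src, dst, proto, port=None):
    """Verdict for a NEW connection: first matching rule, else first matching policy."""
    for action, r_src, r_dst, r_proto, r_port in parse_rules(RULES):
        if (r_src, r_dst) == (src, dst) and r_proto in (None, proto) \
                and r_port in (None, str(port)):
            return action, "rules"
    for p_src, p_dst, verdict, *_ in active_lines(POLICY):
        if p_src in (src, "all") and p_dst in (dst, "all"):
            return verdict, "policy"
    return None, None
```

<div>Under the stated assumption, decide("$FW", "net", "tcp", 443) falls through to the final REJECT policy, so confirm that your real policy file covers traffic leaving the firewall before restarting.</div>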