On Tue, 5 Nov 2013 13:39:50 -0800 I beatthebastards@inbox.com allegedly wrote:
Ip tables are a mystery to me. Can someone either explain them or point to a complete explanation, please?
Robert
"Also, use iptables! If it is a dedicated VPS then drop anything you dont recognize, "leaving only Tor ports (9001,9030 default) and maybe a service port like 22 for SSH for "something. Port 9050 should not be visible from outside..."
Robert
The linux kernel ships with a default network packet processing subsystem called netfilter (see http://www.netfilter.org/ for a description of the system). iptables is the mechanism by which you can define rules to apply to packet filtering in that system. Most people use iptables to set up default firewall rulesets allowing inbound traffic only to certain services and denying all others.
For example, on a webserver you might wish to allow in only traffic aimed at ports 80 and, if you are running SSL/TLS, 443. (Of course if that webserver is running remotely you almost certainly need to allow in traffic to the ssh port to permit remote administration).
This is not strictly on-topic for the tor list so you might care to spend some time perusing the netfilter web page and its related resources (FAQs, lists etc). Short term and if it helps you, I wrote some recommended iptables configuration scripts a while ago. See https://baldric.net/2012/09/09/iptables-firewall-for-servers/
Note, however, that whilst /I/ believe those configurations to be safe and useful, I would not recommend that you blindly trust my scripts without first understanding what they do. Netfilter is complex, and trusting some unknown third party (me) with your firewall configuration may not be the best idea in the world. :-)
Best
Mick
---------------------------------------------------------------------
Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net
---------------------------------------------------------------------