I didn't look at all of them, but I've been tracing some of the IPs that have been blocked. Each one I've traced goes back to *.in-addr.arp. Even more interesting is that some of these connections get blocked, even though they're incoming on port 443, which allows traffic from anywhere!

Any ideas what in-addr.arp is, and why the firewall would block it even on allowed ports? I remember seeing this somewhere in the Unbound config, but the IP isn't the same, and I didn't set up any of the "local zones" in there.

On Thu, Aug 4, 2016 at 6:00 PM, Green Dream <greendream848@gmail.com> wrote:
That's my setup as well. My UFW looks like:

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
xxx/tcp                   ALLOW       Anywhere

I have my DirPort set to 80 and ORPort on 443. The last line is my ssh port (I didn't want to broadcast it).

I also see the same type of blocked incoming packets. It's never been a problem. I think it's just the nature of the stateful firewall. Once connections are closed and no longer in the state table, additional packets are getting denied. That's my lazy/gut explanation, I don't have more time to think about it at the moment, but I don't think it's anything to worry about.


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays




--
Finding information, passing it along. ~SuperSluether