Sorry, also your /etc/shorewall/policy file should read:

net             all             DROP            notice
# The FOLLOWING POLICY MUST BE LAST
all             all             REJECT          notice

to allow for whitelisting in rules file.

Regards,
T


On 3 October 2013 21:03, Thomas Hand <th6045@gmail.com> wrote:
Hi Jan,

Here is an example config for shorewall, pulled straight off a relay I run.

#                                                       PORT    PORT(S)         DEST            LIMIT           GROUP
SECTION NEW

# Drop Ping from the "bad" net zone.. and prevent your log from being flooded..

#Ping(ACCEPT)   net             $FW
Ping(DROP)      net             $FW
ACCEPT          net             $FW             tcp     9001    #tor
ACCEPT          net             $FW             tcp     9030    #tor-dir
#ACCEPT          net             $FW             tcp     22      #ssh/dropbear
ACCEPT          net             $FW             tcp     80      #apache
#ACCEPT         net             $FW             tcp     443     #ssl apache

# Permit all ICMP traffic FROM the firewall TO the net zone
ACCEPT          $FW             net             icmp


Paste that into your /etc/shorewall/rules file, uncomment lines as needed and then 'service shorewall restart'

Regards
T


On 2 October 2013 20:34, Jan Hendrik den Besten <tor@janhendrik.eu> wrote:
Hi,

I installed tor a few days ago. It only runs fine if I stop my shorewall
firewall. I found here some online help:

https://trac.torproject.org/projects/tor/wiki/doc/TorFAQ

However, the shorewall-rules example given there doesn't work. It's
mentioned the example is for shorewall v2.2.3 whereas the current version
is v4.5.16.1.

Does anyone have a latest example of the /etc/shorewall/rules file?

thanks, Jan Hendrik
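
An added example, not part of any message in this thread: a small Python model of how the rules and policy lines posted above decide a new connection, useful for checking what is actually whitelisted before restarting shorewall. It assumes a simplified evaluation (first matching rule in SECTION NEW, otherwise the first matching policy line) and does not model established connections or logging; the function names are hypothetical.

```python
import re

# Constructed input: the active lines of the two files posted in this thread.
RULES = """\
SECTION NEW
Ping(DROP)      net             $FW
ACCEPT          net             $FW             tcp     9001    #tor
ACCEPT          net             $FW             tcp     9030    #tor-dir
#ACCEPT         net             $FW             tcp     22      #ssh/dropbear
ACCEPT          net             $FW             tcp     80      #apache
ACCEPT          $FW             net             icmp
"""
POLICY = """\
net             all             DROP            notice
all             all             REJECT          notice
"""

def fields(text):
    """Yield the columns of each line, ignoring comments and SECTION headers."""
    for line in text.splitlines():
        cols = line.split("#", 1)[0].split()
        if cols and cols[0] != "SECTION":
            yield cols

def parse_rules(text):
    rules = []
    for cols in fields(text):
        cols += ["-"] * (5 - len(cols))       # pad omitted PROTO / DPORT columns
        action, src, dst, proto, dport = cols[:5]
        m = re.fullmatch(r"Ping\((\w+)\)", action)
        if m:                                  # Ping macro: ICMP echo-request, type 8
            action, proto, dport = m.group(1), "icmp", "8"
        rules.append((action, src, dst, proto, dport))
    return rules

def verdict(src, dst, proto, dport=None, rules=RULES, policy=POLICY):
    """Simplified model: first matching rule wins, else first matching policy."""
    for action, r_src, r_dst, r_proto, r_dport in parse_rules(rules):
        if ((r_src, r_dst) == (src, dst) and r_proto in ("-", proto)
                and r_dport in ("-", str(dport))):
            return action, "rule"
    for p_src, p_dst, action, *_ in fields(policy):
        if p_src in ("all", src) and p_dst in ("all", dst):
            return action, "policy"
    return None, "none"

if __name__ == "__main__":
    for q in [("net", "$FW", "tcp", 9001), ("net", "$FW", "tcp", 22), ("$FW", "net", "tcp", 443)]:
        print(q, "->", verdict(*q))
```

In this model, port 22 from net is dropped by the net/all policy because its rule is commented out, and a new TCP connection from $FW to net that no rule matches falls through to the final all/all REJECT when the policy file holds only the two lines shown.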