Hi all,
I'm impressed by Tor and its contribution to freedom of speech and started to run some tor relays. The first one is https://atlas.torproject.org/#details/DBE3CE33BA8BF1CB98091EE2A72690DF8218C2...
and I have applied tight iptables to that as below.
Can somebody advise what should be added/removed to make it more efficient for the Tor network?
=========iptables-rules.sh==========
#!/bin/sh
# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP

#ipv4 udp drop all
iptables -A INPUT -p udp -j DROP
iptables -A OUTPUT -p udp -j DROP

#ipv6 udp drop all
ip6tables -A INPUT -p udp -j DROP
ip6tables -A OUTPUT -p udp -j DROP

# Allow unlimited traffic on loopback
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A OUTPUT -o lo -j ACCEPT

# Allow incoming SSH
iptables -A INPUT -p tcp --dport xxx -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport xxx -m state --state ESTABLISHED -j ACCEPT

# Allow incoming 443
iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing 443
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming 9050
iptables -A INPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing 9050
iptables -A OUTPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming 9051
iptables -A INPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing 9051
iptables -A OUTPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT

# Allow incoming 9001
iptables -A INPUT -p tcp --dport 9001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 9001 -m state --state ESTABLISHED -j ACCEPT

# Allow outgoing 9001
iptables -A OUTPUT -p tcp --dport 9001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --sport 9001 -m state --state ESTABLISHED -j ACCEPT
Thanks
Simon
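As an added example (not part of Simon's post and not Tor Project code), the script below statically lints a rule file of the shape posted above and prints the three things a relay operator most wants to know before asking for review: which TCP ports accept NEW inbound connections, whether any of those are tor's SocksPort (9050) or ControlPort (9051), which tor binds to 127.0.0.1 by default and which have no business being reachable from outside, whether outbound NEW TCP is pinned to a fixed port list (a relay has to open OR connections to other relays on whatever ORPort they chose, so an outbound allow-list silently breaks circuit building), and whether a protocol-wide DROP is placed before the loopback ACCEPT. The input is a constructed copy of the posted rules; the SSH port appears as 22 only because the post elides it as xxx.

```shell
#!/bin/sh
# Added example: offline lint of an iptables rule script for a Tor relay.
# All input is constructed here; nothing is applied to the running kernel.

RULES=$(mktemp)   # constructed copy of the posted ruleset (SSH port assumed 22)
cat > "$RULES" <<'EOF'
iptables -F
iptables -X
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p udp -j DROP
iptables -A OUTPUT -p udp -j DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --dport 9001 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --dport 9001 -m state --state NEW,ESTABLISHED -j ACCEPT
EOF

# 1. TCP ports that accept NEW connections in INPUT, i.e. services exposed to the world.
inbound_new_ports() {
    awk '/-A INPUT / && /-p tcp/ && /--dport/ && /NEW/ {
            for (i = 1; i <= NF; i++) if ($i == "--dport") print $(i + 1)
         }' "$1" | sort -n | tr '\n' ' ' | sed 's/ $//'
}

# 2. Among the exposed ports, the ones tor keeps on loopback by default
#    (SocksPort 9050, ControlPort 9051); opening them inbound is never needed for a relay.
exposed_local_services() {
    for p in $(inbound_new_ports "$1"); do
        case "$p" in 9050|9051) printf '%s ' "$p" ;; esac
    done | sed 's/ $//'
}

# 3. "yes" when OUTPUT defaults to DROP and every NEW outbound TCP rule pins a --dport:
#    the relay can then only reach peers whose ORPort happens to be on that list.
outbound_new_is_allowlisted() {
    grep -q -- '-P OUTPUT DROP' "$1" || { echo no; return; }
    if grep -- '-A OUTPUT ' "$1" | grep -- '-p tcp' | grep NEW | grep -qv -- '--dport'; then
        echo no    # some NEW outbound rule matches any destination port
    else
        echo yes
    fi
}

# 4. "yes" when a blanket UDP DROP in INPUT sits before the loopback ACCEPT,
#    so local UDP (e.g. a resolver on 127.0.0.1) is dropped despite the lo rule.
udp_dropped_before_loopback() {
    awk '/-A INPUT -p udp -j DROP/ && !seen_lo { dropped = 1 }
         /-A INPUT -i lo -j ACCEPT/ { seen_lo = 1 }
         END { print (dropped ? "yes" : "no") }' "$1"
}

report() {
    echo "inbound NEW TCP ports:            $(inbound_new_ports "$1")"
    echo "local-only tor ports exposed:     $(exposed_local_services "$1")"
    echo "outbound NEW TCP allowlisted:     $(outbound_new_is_allowlisted "$1")"
    echo "UDP dropped before loopback rule: $(udp_dropped_before_loopback "$1")"
}

report "$RULES"
```

On the posted rules the report shows 9050 and 9051 exposed, outbound NEW TCP allow-listed, and the loopback rule shadowed for UDP. The usual remedy for the outbound finding on a non-exit relay is a single OUTPUT rule accepting NEW,ESTABLISHED TCP to any destination port, paired with an INPUT rule for ESTABLISHED return traffic, because the ORPorts of the next hops are not under the operator's control; the loopback ACCEPT rules belong before any blanket DROP; and 9050/9051 need no INPUT rule at all while tor keeps them on 127.0.0.1.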