If you do lines like the above, your Tor relay will be unable to reach other Tor relays that chose port 80 or port 110 for their ORPort or their DirPort. (People choose those ports because some users are behind firewalls that only allow connections to those ports.)
indeed. By personal choice, I have found it more convenient to exclude this traffic leaving my relay. I'll make scrips that create rules with these output ports only for Tor relays.
Thanks a lot mr. Roger.
On Fri, May 23, 2014 at 7:30 PM, Roger Dingledine arma@mit.edu wrote:
On Fri, May 23, 2014 at 06:16:56PM -0300, Noilson Caio wrote:
Block all output like http and smtp in my netfilter (Gnu Linux);
-A OUTPUT -p tcp -m tcp --dport 80 -j DROP -A OUTPUT -p tcp -m tcp --dport 110 -j DROP etc ..
Relays need to allow connections to all outgoing ports.
If you do lines like the above, your Tor relay will be unable to reach other Tor relays that chose port 80 or port 110 for their ORPort or their DirPort. (People choose those ports because some users are behind firewalls that only allow connections to those ports.)
https://www.torproject.org/docs/faq#OutboundPorts
--Roger
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays