
8 May 2018, 2:45 p.m.
Hi,

What does a usable ipset (hash:ip,port) look like, so that it is a whitelist for in/out tcp connections? *Everything* else from/to the outside world is assumed to be dropped. (DNS too).

* dir auths from src/or/auth_dirs.inc
* fallback dirs from scripts/maint/fallback.whitelist
* current guard relays (parsed from a consensus file)

Anything else?

Bonus question: how would you write this whitelist in iptables rules, assuming you have the complete ipset?

thanks
martin