[tor-relays] Why is UFW blocking allowed TOR traffic?

Christopher Sheats yawnbox at gmail.com
Wed Jul 2 23:46:15 UTC 2014



Hi Jeff

On 06/22/2014 12:43 PM, Jeff Odell wrote:
> I was monitoring UFW today and noticed that it was periodically blocking allowed TOR traffic. Any ideas why from those with more experience than I?
>
>
> toradmin at IrvineTorExit:~$ sudo ufw status
> Status: active
>
> To                         Action      From
> --                         ------      ----
> 22                         ALLOW       Anywhere
> 9001/tcp                   ALLOW       Anywhere
> 9030/tcp                   ALLOW       Anywhere
> 80                         ALLOW       Anywhere
> 22 (v6)                    ALLOW       Anywhere (v6)
> 9001/tcp (v6)              ALLOW       Anywhere (v6)
> 9030/tcp (v6)              ALLOW       Anywhere (v6)
> 80 (v6)                    ALLOW       Anywhere (v6)
>
>
> toradmin at IrvineTorExit:~$ sudo tail -f /var/log/syslog | grep DPT=9001
>
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
>
> Regards,
> Jeff

I see a considerable number of these in my logs (Ubuntu 14.04 server,
UFW). Some time ago I asked about this on IRC with no resolution. I'm
afraid of it affecting Tor users (I don't know if it is), and I'm afraid
of these logs being created and stored on my exit relay. Because I have
received no answer, yet need to protect my relay with a manageable
firewall, I took the advice of someone on IRC and disabled my UFW logs
(my exit relay isn't used for anything else, and UFW will keep doing
its job, while protecting the privacy of Tor users).

You can do this too via:

sudo ufw logging off

By the way, you may wish to "limit" port 22 instead, to prevent SSH
brute force attacks.

sudo ufw limit 22/tcp

(I don't allow 22/udp)

Hope this helps a little.

- -- 
Christopher Sheats
yawnbox at gmail.com
GnuPG: 8397 7B9F D8BA 3EE5 71EF FDF3 C761 02B0 A531 D73D
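
Added example, not part of either message: the log lines quoted above carry the packet's TCP flags between RES= and URGP=, so [UFW BLOCK] entries for allowed ports can be tallied by connection phase without keeping any source address. It reports what was blocked, not why; the default port list is taken from the `ufw status` output above, the function names are this example's own, and the sample log is constructed.

```python
from collections import Counter

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

# Constructed sample in the field layout of the quoted log lines; addresses are
# RFC 5737 documentation ranges and the MAC field is omitted for brevity.
_LINE = ("Jun 22 15:38:12 relay kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= "
         "SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=120 "
         "ID=10392 DF PROTO=TCP SPT=52000 DPT={dpt} WINDOW=16652 RES=0x00 "
         "{flags} URGP=0")
SAMPLE_LOG = "\n".join(
    [_LINE.format(dpt=d, flags=f) for d, f in
     [(9001, "ACK"), (9001, "ACK"), (9001, "SYN"), (9030, "ACK FIN"), (23, "SYN")]]
    + ["Jun 22 15:38:13 relay sshd[812]: constructed non-firewall line"])

def parse_block(line):
    """Return (proto, dport, tcp_flags) for a [UFW BLOCK] line, else None."""
    _, marker, rest = line.partition("[UFW BLOCK]")
    if not marker:
        return None
    tokens = rest.split()
    fields = dict(t.split("=", 1) for t in tokens if "=" in t)
    dpt = fields.get("DPT", "")
    flags = frozenset(t for t in tokens if t in TCP_FLAGS)
    return fields.get("PROTO"), int(dpt) if dpt.isdigit() else None, flags

def classify(flags):
    """Name the connection phase implied by the TCP flags of a blocked packet."""
    if "RST" in flags:
        return "reset (RST)"
    if "FIN" in flags:
        return "teardown (FIN)"
    if "SYN" in flags:
        return "handshake reply (SYN+ACK)" if "ACK" in flags else "new connection (SYN)"
    if "ACK" in flags:
        return "mid-stream (ACK, no SYN)"
    return "other"

def summarize(log_text, allowed_ports=(9001, 9030)):
    """Count blocked TCP packets to allowed ports by (port, phase); SRC is never stored."""
    counts = Counter()
    for line in log_text.splitlines():
        parsed = parse_block(line)
        if parsed and parsed[0] == "TCP" and parsed[1] in allowed_ports:
            counts[(parsed[1], classify(parsed[2]))] += 1
    return counts
```

Calling `summarize()` on text read from the syslog file gives the same per-port, per-phase counts for a live relay.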



