[tor-relays] hardening a tor relay

Paul Staroch paulchen at rueckgr.at
Thu May 22 17:31:21 UTC 2014


On 2014-05-22 02:23, Contra Band wrote:
> # Allow incoming 9050
> iptables -A INPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow outgoing 9050
> iptables -A OUTPUT -p tcp --dport 9050 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --sport 9050 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow incoming 9051
> iptables -A INPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A OUTPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT
>
> # Allow outgoing 9051
> iptables -A OUTPUT -p tcp --dport 9051 -m state --state NEW,ESTABLISHED -j ACCEPT
> iptables -A INPUT -p tcp --sport 9051 -m state --state ESTABLISHED -j ACCEPT

Do you actually need remote access to ports 9050 (Socks proxy) and 9051 (control port)? By default, Tor opens these ports on the loopback interface only.


Paul
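
One way to answer the question above on a running relay, as an added example that is not part of the original message: the function below reads `ss -ltnH` output and reports any listener on 9050 or 9051 that is bound to a non-loopback address. The function name `exposed_tor_ports` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Live use on a relay (needs iproute2):  ss -ltnH | exposed_tor_ports
# Empty output means 9050/9051 are reachable from loopback only, so the
# quoted INPUT/OUTPUT rules for those ports are unnecessary.

exposed_tor_ports() {
    awk '
    {
        local_addr = $4                       # 4th column: Local Address:Port
        n = match(local_addr, /:[0-9]+$/)     # trailing ":port"
        if (n == 0) next
        port = substr(local_addr, n + 1)
        addr = substr(local_addr, 1, n - 1)
        if (port != "9050" && port != "9051") next
        sub(/^\[/, "", addr)                  # strip IPv6 brackets
        sub(/\]$/, "", addr)
        # 127.0.0.0/8 and ::1 are loopback; anything else is exposed
        if (addr ~ /^127\./ || addr == "::1") next
        print port " " addr
    }'
}

# Constructed sample in `ss -ltnH` layout (not captured from a real host).
SAMPLE='LISTEN 0 4096 127.0.0.1:9050 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:9051 0.0.0.0:*
LISTEN 0 4096 [::1]:9051 [::]:*
LISTEN 0 4096 *:9001 *:*'

printf '%s\n' "$SAMPLE" | exposed_tor_ports
```

Each output line is `port address`; a wildcard address such as `0.0.0.0`, `::` or `*` means the port is listening on every interface.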







