[tor-relays] hardening a tor relay
Roger Dingledine
arma at mit.edu
Fri May 23 22:30:08 UTC 2014
On Fri, May 23, 2014 at 06:16:56PM -0300, Noilson Caio wrote:
> Block all output like http and smtp in my netfilter (Gnu Linux);
>
> -A OUTPUT -p tcp -m tcp --dport 80 -j DROP
> -A OUTPUT -p tcp -m tcp --dport 110 -j DROP
> etc ..
Relays need to allow connections to all outgoing ports.
If you do lines like the above, your Tor relay will be unable to reach
other Tor relays that chose port 80 or port 110 for their ORPort or
their DirPort. (People choose those ports because some users are behind
firewalls that only allow connections to those ports.)
https://www.torproject.org/docs/faq#OutboundPorts
--Roger
More information about the tor-relays
mailing list