[tor-relays] hardening a tor relay

Noilson Caio caiogore at gmail.com
Sat May 24 12:21:06 UTC 2014


>If you do lines like the above, your Tor relay will be unable to reach
>other Tor relays that chose port 80 or port 110 for their ORPort or
>their DirPort. (People choose those ports because some users are behind
>firewalls that only allow connections to those ports.)

Indeed. By personal choice, I have found it more convenient to exclude this
traffic leaving my relay.
I'll make scripts that create rules with these output ports only for Tor
relays.

Thanks a lot, Mr. Roger.



On Fri, May 23, 2014 at 7:30 PM, Roger Dingledine <arma at mit.edu> wrote:

> On Fri, May 23, 2014 at 06:16:56PM -0300, Noilson Caio wrote:
> > Block all output like http and smtp in my netfilter (Gnu Linux);
> >
> > -A OUTPUT -p tcp -m tcp --dport 80 -j DROP
> > -A OUTPUT -p tcp -m tcp --dport 110 -j DROP
> > etc ..
>
> Relays need to allow connections to all outgoing ports.
>
> If you do lines like the above, your Tor relay will be unable to reach
> other Tor relays that chose port 80 or port 110 for their ORPort or
> their DirPort. (People choose those ports because some users are behind
> firewalls that only allow connections to those ports.)
>
> https://www.torproject.org/docs/faq#OutboundPorts
>
> --Roger



-- 
Noilson Caio Teixeira de Araújo
https://ncaio.wordpress.com <http://ncaio.ithub.com.br>
https://br.linkedin.com/in/ncaio <http://br.linkedin.com/in/ncaio>
https://twitter.com/noilsoncaio
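
An added example, not part of the original messages and not code from either poster: one way the per-relay rules discussed in this thread could be generated, so that ports 80 and 110 stay blocked in general but remain open towards relays that use them as ORPort or DirPort. It assumes a full network consensus whose `r` lines have the layout `r nickname identity digest date time IP ORPort DirPort`; the function names and the sample relays are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample consensus lines (documentation-range IPs,
# placeholder identity/digest fields); not real relays.
sample_consensus() {
cat <<'EOF'
r relayA ID_A DG_A 2014-05-24 10:00:00 192.0.2.10 80 0
s Fast Running Valid
r relayB ID_B DG_B 2014-05-24 10:05:00 198.51.100.7 9001 110
r relayC ID_C DG_C 2014-05-24 10:10:00 203.0.113.5 443 9030
r relayD ID_D DG_D 2014-05-24 10:15:00 198.51.100.7 80 110
EOF
}

# relay_rules "<blocked ports>" < consensus
# Prints iptables-restore style lines: one ACCEPT per (relay IP, port) where
# the relay's ORPort or DirPort is a blocked port, then the generic DROPs.
# ACCEPT lines come first because netfilter stops at the first match.
relay_rules() {
    awk -v ports="$1" '
    BEGIN {
        n = split(ports, p, " ")
        for (i = 1; i <= n; i++) blocked[p[i]] = 1
    }
    # Assumed layout: r nickname identity digest date time IP ORPort DirPort
    $1 == "r" && NF == 9 {
        ip = $7
        # Skip anything that is not a dotted-quad IPv4 address.
        if (ip !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) next
        for (f = 8; f <= 9; f++)
            if (($f in blocked) && !seen[ip, $f]++)   # de-duplicate pairs
                printf "-A OUTPUT -d %s -p tcp -m tcp --dport %s -j ACCEPT\n", ip, $f
    }
    END {
        for (i = 1; i <= n; i++)
            printf "-A OUTPUT -p tcp -m tcp --dport %s -j DROP\n", p[i]
    }'
}

sample_consensus | relay_rules "80 110"
```

The consensus changes as relays join and leave, so the output has to be regenerated for each new consensus, and any relay missing from the input stays unreachable on the blocked ports.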