[tor-relays] Relay operators: help improve this hardening document?

Andreas Krey a.krey at gmx.de
Fri Feb 6 17:08:48 UTC 2015


On Fri, 06 Feb 2015 11:08:47 +0000, when2plus2is5 at riseup.net wrote:
...
> Iptables is an advanced firewall. Iptables is a pain in the ass for new 
> users to expertly configure. Basic settings aren't difficult, but I 
> don't want basic.

I'm (apparently) in the minority on this, but my tor nodes don't have
any iptables - there is nothing that iptables could cover. To even
get anything running on the machine that could be shielded from
the outside (or to talk to the outside), you'd need a vuln in
either tor or ssh (or, for exit nodes, the DNS resolver).

...
> My personal opinion is the Tor community should be a champion of OPSEC 
> period, for everyone. But that is me. Anonymity, privacy, and security 
> go hand in hand.

I'd actually like to second that. It is one thing to write down
tornode-related opsec, and an entirely different thing to learn general
opsec and then condense that down to what a tor node requires of that
(and I'm not even sure if there is a general opsec primer we could point
people (i.e. me) to).

Hmm, perhaps I should get my credit card and see how the
amazon cloud tor nodes are preconfigured. ;-)

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800

