[tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

Tim Wilson-Brown - teor teor2345 at gmail.com
Thu Apr 28 09:28:36 UTC 2016


> On 28 Apr 2016, at 19:18, Toralf Förster <toralf.foerster at gmx.de> wrote:
> 
> On 04/28/2016 11:14 AM, Tim Wilson-Brown - teor wrote:
> > Ports in, or ports out?
> Ports in I meant, sry.
> 
> > Closing inbound ports is a security precaution
> The question is - if there's no program listening on that port, does filtering that in-port have any effect?

Normally, when there is a connection attempt to a closed port, your OS will reply and let the other end know the port is closed.
With iptables, you can blackhole (drop) these requests instead.
Or you can log them.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B
ricochet:ekmygaiu4rzgsk6n
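
The drop-and-log behaviour described in the reply above, as an added example that is not part of the original message or of any Tor Project code. It prints an IPv4 `iptables-restore` ruleset; the function name `relay_ruleset`, the log prefix and the ports passed in (9001, 9030 and 22 in the usage comment) are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build the inbound side of a relay firewall as iptables-restore text.
# Ports are arguments (assumed values, not taken from the thread). IPv4 only.
# Usage (as root): relay_ruleset 9001 9030 22 | iptables-restore --test

relay_ruleset() {
    or_port=$1; dir_port=$2; ssh_port=$3
    # Refuse anything that is not a port number before it reaches a rule.
    for p in "$or_port" "$dir_port" "$ssh_port"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport $or_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $dir_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -p tcp --dport $ssh_port -m conntrack --ctstate NEW -j ACCEPT
-A INPUT -m limit --limit 5/min --limit-burst 10 -j LOG --log-prefix "relay-in-drop: "
-A INPUT -j DROP
COMMIT
EOF
}
```

Everything not matched by an ACCEPT rule is logged at a limited rate and then dropped silently, so the sender gets no "port closed" reply from the OS.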

