[tor-relays] does it make sense to close unused ports at a tor relay with iptables ?

Daniel Llewellyn daniel at bowlhat.net
Thu Apr 28 14:35:12 UTC 2016



On 28/04/16 14:33, Dr Gerard Bulger wrote:
> Currently the rules are thus: 
> -A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
> -A INPUT -p tcp -m tcp --dport 9051 -j ACCEPT
> Which opens up those TOR ports on BOTH my IPs, not what I want (OK torrc is listening to the second IP, but that is fiddly to set up for each service)
>
> I want my normal ports to be open on 1st IP and shut on second IP.

To block per IP address you can amend to use the following form:

-A INPUT -p tcp -m tcp -d <your tor IP> --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp -d <your tor IP> --dport 9051 -j ACCEPT

P.S. This email is not GnuPG signed because I'm having issues with Enigmail, Ubuntu, gpg-agent and YubiKey.

-- 
Daniel Llewellyn, Bowl Hat
PGP/GnuPG Key ID: 0x0349ED21
4C9C BFAD 0069 D679 9660 BCD5 40C2 D958 0349 ED21
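
Added example, not part of the original message: a shell function that audits iptables-save style rules for INPUT ACCEPT rules that match a destination port but no destination address (the situation in the quoted question), and can rewrite them into the -d form suggested in the reply. The sample ruleset, the names sample_rules and audit_rules, port 9001 and the address 192.0.2.10 (a documentation address standing in for <your tor IP>) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find INPUT ACCEPT rules that open a port on every local
# address, and optionally pin them to one address with "-d".

# Constructed sample ruleset in iptables-save format. 192.0.2.10 is a
# documentation address used here in place of "<your tor IP>".
sample_rules() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 9030 -j ACCEPT
-A INPUT -p tcp -m tcp -d 192.0.2.10 --dport 9051 -j ACCEPT
-A INPUT -d 192.0.2.10/32 -p tcp -m tcp --dport 9001 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j ACCEPT
COMMIT
EOF
}

# audit_rules list        -> print "<port(s)><TAB><rule>" for each INPUT
#                            ACCEPT rule with a port match but no -d match
# audit_rules fix <addr>  -> print the whole ruleset with "-d <addr>" added
#                            to exactly those rules; other lines unchanged
# Rules are read from stdin. A negated match ("! -d") counts as scoped here.
audit_rules() {
  awk -v mode="$1" -v addr="$2" '
    {
      hit = 0
      if ($1 == "-A" && $2 == "INPUT") {
        port = ""; dst = 0; accept = 0
        for (i = 3; i <= NF; i++) {
          if ($i == "--dport" || $i == "--dports") port = $(i + 1)
          if ($i == "-d" || $i == "--destination") dst = 1
          if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
        }
        hit = (accept && port != "" && !dst)
      }
      if (mode == "list") { if (hit) print port "\t" $0 }
      else if (hit) { sub(/^-A INPUT/, "-A INPUT -d " addr); print }
      else print
    }'
}

# Stand-alone run: list the unscoped rules in the constructed sample.
sample_rules | audit_rules list
```

On a live host the same function can read the output of iptables-save instead of sample_rules; the -d match only restricts access when the chain's policy or a later rule drops everything else.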
