[tor-relays] what ip,port combinations do Tor clients need?

Martin Kepplinger martink at posteo.de
Tue May 8 14:45:58 UTC 2018


How does a usable ipset (hash:ip,port) look like, so that it is a 
whitelist for
in/out tcp connections? *Everything* else from/to the outside world is 
to be dropped. (DNS too).

* dir auths from src/or/auth_dirs.inc
* fallback dirs from scripts/maint/fallback.whitelist
* current guard relays (parsed from a consensus file)

anything else?

Bonus question: how would you write this whitelist in iptables rules, 
assuming you
have the complete ipset?



More information about the tor-relays mailing list