[tor-relays] Firewall rules as a "replacement" for MyFamily on a bridge?

Marco Gruß tor-relays at email.todmue.de
Fri Oct 11 22:09:20 UTC 2019


Hi,

I have been running 2 middle relays for a while and now fired up
an obfs4 bridge (in a relay-free AS no less ;) as well.

I've been thinking, as MyFamily is a no-no for bridges, how about
firewalling the bridge from my nodes? If I add rules on my bridge
that prevent it from connecting to my other relays and prevent
my other relays from connecting to it (using iptables' -j REJECT,
which results in a "connection refused", as if the tcp port was
closed), it would be technically impossible for my bridge to
inadvertently build a circuit through one of my other relays.
(Well, it could of course still choose them as the second hop.)

Does this make any sense at all? Will this break stuff?

Thanks!

Best,
Marco
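
The rules described in the message above, written out as an added example (not part of the original post): a script that prints, without applying, one outbound and one inbound REJECT rule per relay. The addresses are constructed documentation addresses, `gen_rules` and `MY_RELAYS` are hypothetical names, and `--reject-with tcp-reset` is used so the reply is a TCP RST like a closed port sends, rather than REJECT's default ICMP port-unreachable.

```shell
#!/bin/sh
# Added example: print (do not apply) REJECT rules that isolate a bridge
# from the operator's own relays. The addresses are constructed
# documentation addresses (RFC 5737 / RFC 3849), not real relays.
MY_RELAYS="192.0.2.10 198.51.100.20 2001:db8::10"

# gen_rules ADDR... : emit one outbound and one inbound rule per address.
gen_rules() {
    for addr in "$@"; do
        case "$addr" in
            *:*) cmd=ip6tables ;;   # a colon means an IPv6 address
            *)   cmd=iptables ;;
        esac
        # Outbound: the bridge's own connection attempts to the relay
        # fail immediately instead of timing out.
        echo "$cmd -I OUTPUT -p tcp -d $addr -j REJECT --reject-with tcp-reset"
        # Inbound: the relay gets a RST, as it would from a closed port.
        echo "$cmd -I INPUT -p tcp -s $addr -j REJECT --reject-with tcp-reset"
    done
}

# Print the rules for review; they are only text until run as root.
gen_rules $MY_RELAYS
```

The mirror-image rules on each relay, with the bridge's address in place of the relay's, cover the other half of the setup the message describes.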

