[tor-talk] Tor and iptables.
mirimir at riseup.net
Mon Dec 12 06:33:23 UTC 2016
On 12/10/2016 07:16 AM, Jason Long wrote:
> I like to close all INPUT connections via iptables but I like to use TorBrowser, Then Which port(s) must be open?
> -A OUTPUT -p tcp -m tcp --dport 9151 -j ACCEPT
> Is it enough? How about "INPUT"? Must I open any input port too?
> Thank you.
You only need to allow input and output for the tor process. And input
for SSH, if you need that. Plus related/established, of course.
In Debian, run "id -u debian-tor". Then use that number (typically 108)
in an output rule. Tor input is allowed by related/established.
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -i lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 108 -j ACCEPT
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -j DROP
More information about the tor-talk