Mick! Thank you. Iptables is a programme! I'm off and reading. It appears I need them on my VPSs.
Robert

>> Ip tables are a mystery to me.
>> Can someone either explain them or point to a complete explanation,
>> please?
>>
>> Robert
>>
>> "Also, use iptables! If it is a dedicated VPS then drop anything you
>> don't recognize, "leaving only Tor ports (9001,9030 default) and maybe
>> a service port like 22 for SSH for "something. Port 9050 should not
>> be visible from outside..."
>
> Robert
>
> The Linux kernel ships with a default network packet processing
> subsystem called netfilter (see http://www.netfilter.org/ for a
> description of the system). iptables is the mechanism by which you can
> define rules to apply to packet filtering in that system. Most people
> use iptables to set up default firewall rulesets allowing inbound
> traffic only to certain services and denying all others.
>
> For example, on a webserver you might wish to allow in only
> traffic aimed at ports 80 and, if you are running SSL/TLS, 443.
> (Of course if that webserver is running remotely you almost certainly
> need to allow in traffic to the ssh port to permit remote
> administration).
>
> This is not strictly on-topic for the tor list so you might care to
> spend some time perusing the netfilter web page and its related
> resources (FAQs, lists etc). Short term and if it helps you, I wrote
> some recommended iptables configuration scripts a while ago. See
> https://baldric.net/2012/09/09/iptables-firewall-for-servers/
>
> Note, however, that whilst /I/ believe those configurations to be
> safe and useful, I would not recommend that you blindly trust my
> scripts without first understanding what they do. Netfilter is
> complex, and trusting some unknown third party (me) with your
> firewall configuration may not be the best idea in the world. :-)
>
> Best
>
> Mick
>
> ---------------------------------------------------------------------
>
> Mick Morgan
> gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
> http://baldric.net
>
> ---------------------------------------------------------------------

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
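
The default-deny inbound policy described in the thread, with only the ports named in the quoted advice left open, as an added example (it is not from the thread and is not one of Mick's scripts). The function names are hypothetical and ports 22, 9001 and 9030 are the defaults mentioned above; the script only prints an `iptables-restore` ruleset, it does not load it.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for a dedicated relay VPS.
# Policy: drop all inbound traffic except loopback, replies to connections
# the host itself opened, and new TCP connections to the listed ports.

# Succeeds only for a decimal TCP port in the range 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Usage: relay_ruleset PORT...   (prints the ruleset on stdout)
relay_ruleset() {
    # Validate every port first so a bad argument never yields half a ruleset.
    for port in "$@"; do
        if ! valid_port "$port"; then
            echo "invalid port: $port" >&2
            return 1
        fi
        # The thread's advice: the SOCKS port must not be reachable from outside.
        if [ "$port" -eq 9050 ]; then
            echo "refusing to expose SocksPort 9050" >&2
            return 1
        fi
    done
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    for port in "$@"; do
        echo "-A INPUT -p tcp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Print the ruleset for SSH plus the default ORPort and DirPort for review.
relay_ruleset 22 9001 9030
```

As root, `relay_ruleset 22 9001 9030 | iptables-restore --test` parses the ruleset without committing it; drop `--test` to load it. IPv6 traffic is filtered separately and needs a matching ruleset loaded with `ip6tables-restore`.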