"I prevent all users other than root from connecting to the Tor Control port with an > iptables rule which looks like this: > > iptables -A OUTPUT -o lo -p tcp --dport 9051 -m owner ! --uid-owner root -j REJECT" Thanks! That should work perfectly. Is there any way to make dport a wildcard? Ringo