[tor-talk] Tor and iptables.
Jonathan Marquardt
mail at parckwart.de
Sun Dec 11 10:44:11 UTC 2016
You always need to allow some input as well in order for the Tor guard node to
talk to your computer. Stateful inspection is used for this. Here's a complete
ruleset to accomplish what you asked for. All output is allowed, but no input,
except when it belongs to some output your computer previously did.
# Stateful inspection for input and output
iptables -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT
# Reject any other input
iptables -A INPUT -j REJECT
# Accept all output
iptables -A OUTPUT -j ACCEPT
Note that you also want to account for IPv6 using ip6tables. It depends on your
network though.
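As an added example (not from the post above), the same ruleset written out in iptables-restore format so both address families can be loaded atomically, with the one IPv6 addition a client usually needs (ICMPv6, without which neighbour discovery fails), plus a small check that the stateful ACCEPT really precedes the catch-all REJECT. Assumed: the files are loaded with `iptables-restore` / `ip6tables-restore`, the chain policies shown, and `-m conntrack --ctstate` as the current spelling of `-m state --state`.

```shell
#!/bin/sh
# Added example, not the original poster's script. Emits the ruleset from
# the post in iptables-restore format; assumption: loaded separately with
#   gen_rules 4 | iptables-restore ; gen_rules 6 | ip6tables-restore

# Print the rule set for one address family. $1 is "4" or "6".
gen_rules() {
  fam="$1"
  cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Stateful inspection: accept replies to connections this host opened
# (-m conntrack --ctstate is the current form of -m state --state)
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# Loopback: Tor's SOCKS and control ports listen here
-A INPUT -i lo -j ACCEPT
EOF
  if [ "$fam" = 6 ]; then
    # IPv6 needs ICMPv6 for neighbour discovery and router advertisements;
    # rejecting it leaves the host unable to resolve its own next hop.
    printf '%s\n' '-A INPUT -p ipv6-icmp -j ACCEPT'
  fi
  cat <<'EOF'
# Reject every other inbound packet; accept all outbound
-A INPUT -j REJECT
-A OUTPUT -j ACCEPT
COMMIT
EOF
}

# Read a rule file on stdin; succeed only if the stateful INPUT ACCEPT comes
# before the catch-all INPUT REJECT. Swapped order silently breaks every reply.
check_order() {
  awk '
    /^-A INPUT .*ESTABLISHED.*-j ACCEPT/ && !acc { acc = NR }
    /^-A INPUT -j REJECT/ && !rej { rej = NR }
    END { exit !(acc && rej && acc < rej) }'
}
```

Run `gen_rules 6 | check_order && echo ok` to verify the generated IPv6 set before loading it.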