[SOLVED] Block all Incoming connection and just open port 9050 and 9051

hack3rcon · 10-12-2015, 11:55 AM

Hello.
How can I use iptables in Debian for close all incoming connection and just open port 9050 and 9051 for Tor ?

Thank you.

berndbausch · 10-12-2015, 02:47 PM

To block everything, set DROP as a policy. You can also use REJECT, which means that the party that tries to connect will receive an ICMP packet as a reply.
To open 9050 and 9051, add two rules. I don't know whether Tor uses TCP or UDP, so adapt it if necessary.

Code:

iptables -P INPUT DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9050 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9051 -j ACCEPT

The two ACCEPT lines can also be fused into one by specifying a port range.

linxpatrick · 10-13-2015, 02:58 PM

I don't use Debian Linux so I don't know if anything is installed by default but there are GUI tools that can help you set firewall rules. For example, OpenSUSE comes with a tool that is accessible with yast and I have installed FirewallBuilder for Ubuntu, which I believe would also work on OpenSUSE. If you wish to learn how to set iptables rules directly you can set them using one of these tools and then review them from the iptables command line.

hack3rcon · 10-15-2015, 03:26 AM

Quote:

Originally Posted by berndbausch

To block everything, set DROP as a policy. You can also use REJECT, which means that the party that tries to connect will receive an ICMP packet as a reply.
To open 9050 and 9051, add two rules. I don't know whether Tor uses TCP or UDP, so adapt it if necessary.

Code:

iptables -P INPUT DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9050 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 9051 -j ACCEPT

The two ACCEPT lines can also be fused into one by specifying a port range.

Thank you.
Tor just use TCP.