On Fri, 06 Feb 2015 11:08:47 +0000, [email protected] wrote: ... > Iptables is an advanced firewall. Iptables is a pain in the ass for new > users to expertly configure. Basic settings aren't difficult, but I > don't want basic.
I'm (apparently) in the minority on this, but my tor nodes don't have any iptables - there is nothing than iptables could cover. To even get anything running on the machine that could be shielded from the outside (or to talk to the outside), you'd need a vuln in either tor or ssh (or, for exit nodes, the DNS resolver). ... > My personal opinion is the Tor community should be a champion of OPSEC > period, for everyone. But that is me. Anonymity, privacy, and security > go hand in hand. I'd actually like to second that. It is one thing to write down tornode-related opsec, and an entirely different thing to learn general opsec and then condense that down to what a tor node requires of that (and I'm not even sure if there is a general opsec primer we could point people (i.e. me) to). Hmm, perhaps I should get my credit card and see how the amazon cloud tor nodes are preconfigured. ;-) Andreas -- "Totally trivial. Famous last words." From: Linus Torvalds <torvalds@*.org> Date: Fri, 22 Jan 2010 07:29:21 -0800 _______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
