Excuse me, I must allow input to my system? It is so bad :(, I don't like to allow everyone.
On Sunday, December 11, 2016 2:44 AM, Jonathan Marquardt <m...@parckwart.de> wrote:

You always need to allow some input as well in order for the Tor guard node to talk to your computer. Stateful Inspection is used for this. Here's a complete ruleset to accomplish what you asked for. All output is allowed, but no input, except it belongs to some output your computer previously did.

# Stateful inspection for input and output
iptables -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
iptables -A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHED

# Allow loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# Reject any other input
iptables -A INPUT -j REJECT

# Accept all output
iptables -A OUTPUT -j ACCEPT

Note that you also want to account for IPv6 using ip6tables. It depends on your network though.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
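
Added example, not part of either message: the ruleset above wrapped in a dry-run script that emits it for both iptables and ip6tables, since the message notes IPv6 must be covered too. The helper names run_rule and stateful_rules and the ICMPv6 rules are assumptions of this example; the ICMPv6 rules are there because connection tracking does not classify neighbour discovery as RELATED or ESTABLISHED, so a bare "reject all input" would cut off IPv6 on the local link.

```shell
#!/bin/sh
# Added example: the thread's stateful ruleset for IPv4 and IPv6.
# Dry run by default (rules are only printed); set APPLY=1 and run as root to load them.

# run_rule (hypothetical helper): print the command, or execute it when APPLY=1.
run_rule() {
    if [ "${APPLY:-0}" = "1" ]; then
        "$@"
    else
        echo "$*"
    fi
}

# stateful_rules CMD (hypothetical helper): emit the ruleset for iptables or ip6tables.
stateful_rules() {
    cmd=$1
    case "$cmd" in
        iptables|ip6tables) ;;
        *) echo "unsupported command: $cmd" >&2; return 1 ;;
    esac
    # Input is accepted only when it belongs to traffic this host started
    run_rule "$cmd" -A INPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
    run_rule "$cmd" -A OUTPUT -j ACCEPT -m state --state RELATED,ESTABLISHED
    # Loopback traffic
    run_rule "$cmd" -A INPUT -i lo -j ACCEPT
    if [ "$cmd" = "ip6tables" ]; then
        # Assumption (not in the message): neighbour discovery and router
        # advertisements are untracked, so they need explicit accepts.
        for t in router-advertisement neighbour-solicitation neighbour-advertisement; do
            run_rule "$cmd" -A INPUT -p ipv6-icmp --icmpv6-type "$t" -j ACCEPT
        done
    fi
    # Everything else inbound is rejected; all output is allowed
    run_rule "$cmd" -A INPUT -j REJECT
    run_rule "$cmd" -A OUTPUT -j ACCEPT
}

stateful_rules iptables
stateful_rules ip6tables
```

Rules are appended with -A, so load them into empty chains; the ICMPv6 accepts must stay ahead of the final REJECT.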