We’re using IPFire with several public ALIAS-IPs configured. We also support the tor network as a relay and have one dedicated ALIAS IP-address in use for tor. Nevertheless port-scanning tools report that the configured ports for the tor-relay (9001, 9030) are open on even all the other IP-addresses. As there is no service answering on these IPs, this may not be critical but could be an information leak. - Unfortunately we did not succeed to create a firewall rule to make the ports seem to be closed. What can we do to stop this behaviour?
Thanks in advance.
Hi,
this is interesting. I thought Tor would open up its listeners on the IP addresses configured only.
It might be best to adjust our firewall rules for only processing packets to the IP address configured (if any), but that is unfortunately unimplemented at the time of writing, and I am not sure if it might come with other problems…
That being said, you can set up an iptables rule in the firewall.local script for dropping packets to port 9001 and 9030 on other IP addresses than the configured one.
Thanks, and best regards,
Peter Müller
Hello and thank you very much.
I need a little bit further assistance. Actually /etc/sysconfig/firewall.local is in default condition and looks like this:
#!/bin/sh
# Used for private firewall rules
# See how we were called.
case "$1" in
start)
## add your 'start' rules here
;;
stop)
## add your 'stop' rules here
;;
reload)
$0 stop
$0 start
## add your 'reload' rules here
;;
*)
echo "Usage: $0 {start|stop|reload}"
;;
esac
What do I have to add (and where) to drop any incoming traffic on ports 9001 tcp/udp and 9030 tcp/udp for the specific public IP-address “A.B.C.D”?
I guess that start-rules should inhibit access to these ports and stop-rules should re-allow access again? Am I right?
Thanks in advance
Recall: I decided to no longer support the tor network on this machine.
thanks.