Hi Jeff
On 06/22/2014 12:43 PM, Jeff Odell wrote:
> I was monitoring UFW today and noticed that it was periodically blocking allowed TOR traffic. Any
> ideas why from those with more experience than I?
>
> toradmin@IrvineTorExit:~$ sudo ufw status
> Status: active
>
> To                         Action      From
> 22                         ALLOW       Anywhere
> 9001/tcp                   ALLOW       Anywhere
> 9030/tcp                   ALLOW       Anywhere
> 80                         ALLOW       Anywhere
> 22 (v6)                    ALLOW       Anywhere (v6)
> 9001/tcp (v6)              ALLOW       Anywhere (v6)
> 9030/tcp (v6)              ALLOW       Anywhere (v6)
> 80 (v6)                    ALLOW       Anywhere (v6)
>
> toradmin@IrvineTorExit:~$ sudo tail -f /var/log/syslog | grep DPT=9001
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
> Jun 22 15:38:12 IrvineTorExit kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= MAC=04:01:1b:5e:9a:01:28:8a:1c:64:cf:f0:08:00 SRC=92.108.200.200 DST=188.226.199.250 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
>
> Regards, Jeff
I see a considerable amount of these in my logs (Ubuntu 14.04 server, UFW). Some time ago I asked about this on IRC with no resolution. I'm afraid of it affecting Tor users (I don't know if it is), and I'm afraid of these logs being created and stored on my exit relay. Because I have received no answer, yet need to protect my relay with a manageable firewall, I took the advice of someone on IRC and disabled my UFW logs (my exit relay isn't used for anything else, and UFW will keep doing its job, while protecting the privacy of Tor users).
You can do this too via:
sudo ufw logging off
By the way, you may wish to "limit" port 22 instead, to prevent SSH brute force attacks.
sudo ufw limit 22/tcp
(I don't allow 22/udp)
Hope this helps a little.
-- 
Christopher Sheats
yawnbox@gmail.com
GnuPG: 8397 7B9F D8BA 3EE5 71EF FDF3 C761 02B0 A531 D73D
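
Added example (not part of either message in this thread): a Python triage of `[UFW BLOCK]` syslog lines in the format quoted above. It counts blocked TCP packets by destination port and TCP flags without keeping source addresses, and shows that entries like the two quoted for DPT=9001 carry only ACK rather than opening a connection. The sample lines, hostname and addresses are constructed; the allowed ports are those in the `ufw status` output.

```python
import re
from collections import Counter

# Constructed sample in the syslog format quoted in the thread. Addresses are
# RFC 5737 documentation ranges and the hostname is a placeholder.
SAMPLE_LOG = """\
Jun 22 15:38:12 relay kernel: [ 2159.246977] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10392 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
Jun 22 15:38:12 relay kernel: [ 2159.246988] [UFW BLOCK] IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=52 TOS=0x00 PREC=0x00 TTL=120 ID=10396 DF PROTO=TCP SPT=52000 DPT=9001 WINDOW=16652 RES=0x00 ACK URGP=0
Jun 22 15:39:40 relay kernel: [ 2247.100001] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=40122 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 22 15:40:02 relay kernel: [ 2269.500010] [UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=198.51.100.5 LEN=40 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=TCP SPT=51000 DPT=9001 WINDOW=0 RES=0x00 RST URGP=0
Jun 22 15:40:05 relay sshd[811]: unrelated line that must be ignored
"""

FIELD = re.compile(r"(\w+)=(\S*)")
# TCP flag names sit between the RES= field and the URGP= field.
FLAGS = re.compile(r"RES=0x[0-9a-fA-F]+ ((?:[A-Z]+ )*)URGP=")

def parse_ufw_block(line):
    """Return (dpt, flags) for a TCP [UFW BLOCK] line, else None.
    SRC/DST are deliberately not returned, so no client address is kept."""
    if "[UFW BLOCK]" not in line:
        return None
    fields = dict(FIELD.findall(line))
    m = FLAGS.search(line)
    if fields.get("PROTO") != "TCP" or "DPT" not in fields or m is None:
        return None
    return int(fields["DPT"]), tuple(m.group(1).split())

def summarize(lines, allowed_ports):
    """Count blocked TCP packets by (port, allowed?, kind, flags)."""
    counts = Counter()
    for line in lines:
        parsed = parse_ufw_block(line)
        if parsed is None:
            continue
        dpt, flags = parsed
        # A bare SYN opens a connection; anything else is mid-stream traffic.
        kind = "new-connection" if "SYN" in flags and "ACK" not in flags else "mid-stream"
        counts[(dpt, dpt in allowed_ports, kind, " ".join(flags))] += 1
    return counts

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines(), {22, 80, 9001, 9030})
    for key, n in sorted(summary.items()):
        print(n, key)
```
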