On Fri, 06 Feb 2015 11:08:47 +0000, when2plus2is5@riseup.net wrote: ...
Iptables is an advanced firewall. Iptables is a pain in the ass for new users to expertly configure. Basic settings aren't difficult, but I don't want basic.
I'm (apparently) in the minority on this, but my tor nodes don't have any iptables - there is nothing that iptables could cover. To even get anything running on the machine that could be shielded from the outside (or to talk to the outside), you'd need a vuln in either tor or ssh (or, for exit nodes, the DNS resolver).
My personal opinion is the Tor community should be a champion of OPSEC period, for everyone. But that is me. Anonymity, privacy, and security go hand in hand.
I'd actually like to second that. It is one thing to write down tornode-related opsec, and an entirely different thing to learn general opsec and then condense that down to what a tor node requires of that (and I'm not even sure if there is a general opsec primer we could point people (i.e. me) to).
Hmm, perhaps I should get my credit card and see how the amazon cloud tor nodes are preconfigured. ;-)