From: "Peter Müller" <peter.mueller@link38.eu>
To: development@lists.ipfire.org
Subject: In-/Outbound firewall configuration for Tor relay
Date: Wed, 27 Jun 2018 22:53:25 +0200
Message-ID: <7fc21243-349c-94b2-4c18-59121e356715@link38.eu>
Hello,
for quite some time, IPFire includes Tor via Pakfire as an add-on.
Trying to set up a Tor relay there, I stumbled into several problems
regarding firewall rule configuration:
(a) Inbound
It turns out that Tor is not working correctly if GeoIP block is
active (this occurred after a reboot - strange). Of course, one
possibility is to disable GeoIP block at all, allow access to the
Tor relay ports, and deny any except those of legitimate countries
to other services on the firewall machine.
Since this enlarges the ruleset (already quite complex here :-| ),
I am wondering if there is a more simple way to achieve this.
(b) Outbound
For security reasons (surprise!), outgoing connections are heavily
limited here - only DNS, NTP and web traffic is allowed, and only
to a certain list of countries. Some call that "racist routing"...
This does not work with Tor since it needs to open connections to
almost any port on almost any IP address. Allowing outbound traffic
in general is out of question, so there seems to be no possibility left.
Besides running a Tor relay in the local DMZ and applying the
firewall rules for this machine, is there another way?
Thanks, and best regards,
Peter Müller
--
"We don't care. We don't have to. We're the Phone Company."
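One way to handle both (a) and (b) on the firewall host itself, as an added example that is not part of the original mail and not the IPFire project's own code: accept the relay ports at the very top of INPUT so the GeoIP block never sees them, and let only packets generated by the tor daemon's own UID leave through OUTPUT, so the general outbound policy stays as restrictive as before for every other process. Assumptions (not stated in the mail): the daemon runs as user `tor`, ORPort is 9001 and DirPort 9030, the firewall is iptables-based, and the hook for persistent custom rules is `/etc/sysconfig/firewall.local`; adjust those to the actual installation. The script prints the rules unless run as root with `APPLY=1`.

```shell
#!/bin/sh
# Added example for the IPFire Tor relay question; not project code.
# Assumed values (override via environment): tor daemon user, relay ports.
set -eu
TOR_USER="${TOR_USER:-tor}"
ORPORT="${ORPORT:-9001}"
DIRPORT="${DIRPORT:-9030}"

# Print the iptables command in dry-run mode, execute it with APPLY=1.
ipt() {
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

tor_relay_rules() {
    # (a) Inbound: a dedicated chain jumped to from position 1 of INPUT,
    # i.e. before the GeoIP block chain and the rest of the ruleset.
    # Only the two relay ports are accepted; everything else RETURNs and
    # continues to be filtered (GeoIP block included) as before.
    ipt -N TOR_IN
    ipt -A TOR_IN -p tcp --dport "$ORPORT" -j ACCEPT
    ipt -A TOR_IN -p tcp --dport "$DIRPORT" -j ACCEPT
    ipt -A TOR_IN -j RETURN
    ipt -I INPUT 1 -m conntrack --ctstate NEW -j TOR_IN

    # (b) Outbound: match on the owning UID, which is only possible in
    # OUTPUT (locally generated packets). Tor may then reach any address
    # and port, except the local networks, which it has no business
    # talking to even if the torrc ExitPolicy were ever loosened.
    # Loopback is deliberately not dropped (ControlPort, local resolver).
    ipt -N TOR_OUT
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        ipt -A TOR_OUT -d "$net" -j DROP
    done
    ipt -A TOR_OUT -j ACCEPT
    ipt -I OUTPUT 1 -m owner --uid-owner "$TOR_USER" -j TOR_OUT
}

tor_relay_rules
```

Because the DROP rules are appended to `TOR_OUT` before the final ACCEPT, ordering does not depend on the insert position in OUTPUT; the single `-I OUTPUT 1` jump is all that has to sit ahead of the country-restricted rules. Replies to inbound relay connections are generated by the tor process as well, so they are covered by the same owner match. Check the result with `iptables -L TOR_OUT -n -v` and `iptables -L INPUT -n --line-numbers | head` after the firewall has been reloaded, since IPFire's rule generator rebuilds its own chains and anything not placed in the custom-rule hook will not survive a reload.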
Thread overview: 6+ messages
2018-06-27 20:53 Peter Müller [this message]
2018-06-28 12:24 ` Michael Tremer
2018-06-28 17:14 ` Peter Müller
2018-06-29 21:26 ` Peter Müller
[not found] <d285bf5e6b378eaed27b8c2650fdc102be5d1a5b.camel@ipfire.org>
2018-07-01 6:00 ` Peter Müller
2018-07-01 9:39 ` Michael Tremer