Re: [tor-relays] Relay usage dropped 9x when enabling UFW. What UFW rules do other relay operators enact?

I have never used a frontend for IP/nftables. I have no idea what the scripts produce and whether they are correct.
The beauty of UNIX/Linux are the human-readable config text files that you can comment on as you wish.

Here are my tor-related UFW rules;
     To Action From
     -- ------ ----
[ 3] 9001 ALLOW IN Anywhere
[11] 9001 (v6) ALLOW IN Anywhere (v6)

I'm really confused how UFW firewalled most, but not all, of my relays
traffic. What UFW rules do other relay operators enact?

Maybe you could post your entire FW ruleset. ((Use pastebin)

First, no output filters: :OUTPUT ACCEPT

Here are default IP/nftables rules for Tor relays:

Here are my current nftables on my Frantech Exits:

You don't need to set up dynamic DDoS policies there. Francisco already does that on his Junipers.


On Dienstag, 18. Juni 2024 18:53:07 CEST admin--- via tor-relays wrote:

╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!