[Tor-BSD] OpenBSD pf rules...

Seth list at sysfu.com
Wed Nov 26 22:12:38 EST 2014


On Wed, 26 Nov 2014 13:17:28 -0800, Libertas <libertas at mykolab.com> wrote:

> I'm very new to packet filters and firewalls, but I'm wondering how
> much security this really offers. I feel like allowing a large,
> dynamically updated list of outgoing ports probably doesn't do much as
> compared to just allowing everything. Can anyone give an example case
> in which this would help?

Egress filtering is just applying the 'default deny' security philosophy  
to outbound traffic.

Between the Tor ReducedExitPolicy and the various ORports used in the Tor  
network, the number of ports you need to open to make it work on a Tor  
exit node is pretty insane.

Does egress filtering even offer any worthwhile protection at that point?  
I'm not knowledgeable enough to say.

I chose to implement it partly out of 'default deny' dogma and habit,  
partly for the challenge,
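As an added example, not part of the original post and not Seth's own ruleset, here is the shape a default-deny egress policy takes in pf.conf for an OpenBSD exit relay. The interface name, ORPort, resolver address, and the two ORPorts in $orports are assumptions; the $exit_ports list is assumed to mirror the ReducedExitPolicy port set and must be kept in sync with the ExitPolicy in torrc, since pf will silently drop any exit connection torrc permits but the list does not. The security-relevant addition is the `user` match: pf applies it to locally originated connections, so every uid other than `_tor` is denied outbound regardless of port.

```pf
# Added example, not from the original post: default-deny egress for an
# OpenBSD Tor exit relay.  tor runs as _tor on OpenBSD.  Interface, ORPort,
# resolver and the $orports list are assumptions; adjust to your host.

ext_if = "vio0"                 # assumption: external interface
orport = "9001"                 # assumption: ORPort from torrc
dns    = "{ 192.0.2.53 }"       # assumption: resolver from resolv.conf

# Assumed to mirror the ReducedExitPolicy port list at the time of the
# thread; check the current list on the Tor wiki and keep it identical
# to the ExitPolicy lines in torrc.
exit_ports = "{ 20:23, 43, 53, 79:81, 88, 110, 143, 194, 220, 389, 443, \
    464:465, 531, 543:544, 554, 563, 587, 636, 706, 749, 873, 902:904, \
    981, 989:995, 1194, 1220, 1293, 1500, 1533, 1677, 1723, 1755, 1863, \
    2082:2083, 2086:2087, 2095:2096, 2102:2104, 3128, 3389, 3690, 4321, \
    4643, 5050, 5190, 5222:5223, 5228, 5900, 6660:6669, 6679, 6697, \
    8000, 8008, 8074, 8080, 8082, 8087:8088, 8232:8233, 8332:8333, 8443, \
    8888, 9418, 9999, 10000, 11371, 19294, 19638, 50002, 64738 }"

# Other relays choose their own ORPorts, so no port list can be complete.
# This is the "insane" list from the thread; the alternative is to drop
# the port match on the _tor rule and rely on the owner match alone.
orports = "{ 443, 9001 }"       # assumption: extend from the consensus

set skip on lo

# Default deny in both directions.  Logging the drops is what lets you see
# what the relay actually tries to do before loosening anything.
block log all

# Inbound: the relay's own ORPort and remote administration.
pass in on $ext_if proto tcp to ($ext_if) port { $orport, ssh }

# Outbound, matched on the socket owner.  Only the tor daemon may open
# exit and relay connections, and only to the listed ports; any other
# process on the box that tries to phone out hits the block rule above.
pass out on $ext_if proto tcp from ($ext_if) to any port $exit_ports user _tor
pass out on $ext_if proto tcp from ($ext_if) to any port $orports    user _tor

# Exits resolve names on behalf of clients; the libc resolver runs inside
# the tor process, so the DNS sockets are owned by _tor as well.
pass out on $ext_if proto udp from ($ext_if) to $dns port domain user _tor

# Administration and package updates, restricted to root.
pass out on $ext_if proto tcp from ($ext_if) to any port { ssh, https } user root
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and watch what the default-deny rule is dropping with `tcpdump -n -e -ttt -i pflog0`. Two caveats: the `user` match only covers connections originated on the host (it does nothing for forwarded traffic, which a relay does not do anyway), and a ruleset this tight will break the relay the first time torrc and $exit_ports drift apart, so treat the two lists as one configuration item.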

