getumbrel / umbrel

A beautiful home server OS for self-hosting with an app store. Buy a pre-built Umbrel Home with umbrelOS, or install on a Raspberry Pi or any x86 system.
https://umbrel.com

Non-standard Tor ports now being used? #1197

Open ardevd opened 2 years ago

ardevd commented 2 years ago

Prior to upgrading to v0.4.11 all Tor traffic was tunneled over port 443. After the upgrade I'm now seeing traffic to Tor nodes on a plethora of new ports, making it hard to make firewall rules for all of them.

DST=5.56.221.113 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=15818 DF PROTO=TCP SPT=48584 DPT=4020
DST=5.135.156.12 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=10913 DF PROTO=TCP SPT=34730 DPT=4899
DST=132.248.241.5 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=64856 DF PROTO=TCP SPT=57506 DPT=9101
DST=5.56.221.113 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=15819 DF PROTO=TCP SPT=48584 DPT=4020
DST=5.135.156.12 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=10914 DF PROTO=TCP SPT=34730 DPT=4899 
DST=198.98.107.209 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=8836 DF PROTO=TCP SPT=37840 DPT=8443
DST=52.43.55.7 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=5632 DF PROTO=TCP SPT=52362 DPT=11010 
DST=52.32.107.120 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=65445 DF PROTO=TCP SPT=56966 DPT=12010

How can I configure what ports Tor can use?

ardevd commented 2 years ago

Probably a result of 73b5aeff47b84da7fc6747d12b39ff9674571f7a

ardevd commented 2 years ago

It's currently impossible to maintain a firewall ruleset for outbound traffic with this new Tor proxy configuration. My Umbrel node is connecting through Tor using a ton of different ports.
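An added example, not part of the thread or of the Umbrel code base: one way to turn firewall log lines in the key=value layout shown in the issue into a per-port summary that can be compared against an egress allow-list. The sample lines are constructed with documentation-range addresses, the function names are hypothetical, and treating a repeated DST/SPT/DPT triple as a retransmit of one connection attempt is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the same key=value layout as the log lines in the issue
# (documentation-range addresses, not real relays).
SAMPLE_LOG = """\
DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=15818 DF PROTO=TCP SPT=48584 DPT=4020
DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=10913 DF PROTO=TCP SPT=34730 DPT=4899
DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=15819 DF PROTO=TCP SPT=48584 DPT=4020
DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=8836 DF PROTO=TCP SPT=37840 DPT=443
DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=5632 DF PROTO=TCP SPT=52362 DPT=9001
DST=203.0.113.9 LEN=60 TOS=0x00 PREC=0x00 TTL=62 ID=7001 DF PROTO=TCP SPT=52400 DPT=9001
this line is not a firewall record
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")

def parse_line(line):
    """Return (dst, sport, dport) for a TCP record, or None if fields are missing."""
    kv = dict(FIELD.findall(line))
    if kv.get("PROTO") != "TCP":
        return None
    try:
        return kv["DST"], int(kv["SPT"]), int(kv["DPT"])
    except (KeyError, ValueError):
        return None

def summarize(log_text, allowed_ports=frozenset({443})):
    """Group distinct connection attempts by destination port and flag ports outside the allow-list."""
    flows = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            flows.add(rec)  # assumption: same DST/SPT/DPT again is a retransmit, not a new connection
    by_port = defaultdict(set)
    for dst, _sport, dport in flows:
        by_port[dport].add(dst)
    return {
        "connections": len(flows),
        "by_port": {p: sorted(d) for p, d in sorted(by_port.items())},
        "outside_allow_list": sorted(p for p in by_port if p not in allowed_ports),
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["connections"], "distinct connection attempts")
    for port, dsts in report["by_port"].items():
        mark = "  <- not in allow-list" if port in report["outside_allow_list"] else ""
        print(f"DPT={port}: {', '.join(dsts)}{mark}")
```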