{{Header}}
{{#seo:
|description=Host Firewall Settings and Testing
|image=Hostfirewall213213.jpg
}}
{{firewall_mininav}}
[[File:Hostfirewall213213.jpg|thumb]]
{{intro|
Host Firewall Settings and Testing
}}
= Upstream =
{{upstream_wiki}}
= Whonix specific =
== Filtering Ports ==
=== Introduction ===
From time to time a user asks which incoming/outgoing ports are required by {{project_name_gateway_long}}. The answer is:
* Incoming: none.
* Outgoing: all.
An alternative technique for controlling ports might be [[Corridor|corridor (a Tor traffic whitelisting gateway)]], since it can act as a firewall. [
[https://phabricator.whonix.org/T524 corridor for {{project_name_long}} KVM ticket]
]
=== Incoming ===
{{project_name_gateway_short}} itself does not open any ports. Users are advised to close all ports on the host as outlined in the [[Host_Firewall_Basics#How-to:_Install_and_Configure_a_Firewall|Host Firewall Essentials]] entry.
=== Outgoing ===
{{mbox
| image = [[File:Ambox_warning_pn.svg.png|40px]]
| text = '''Warning:''' This procedure is not recommended. Port-based filtering of outgoing traffic is not applicable (as in useful) in the case of {{project_name_gateway_short}}.
}}
Filtering outgoing ports is difficult, since Tor entry guards or bridges listen on a variety of different ports. Limiting ports Tor uses for outgoing traffic is still possible, but recommended against, since it reduces anonymity. The effect is fewer entry guards or bridges are made available to the user. If users wish to proceed despite the risk, follow the instructions below.
On {{project_name_gateway_short}}.
{{Open /usr/local/etc/torrc.d/50_user.conf}}
Add.
{{CodeSelect|code=
ReachableDirAddresses *:80
ReachableORAddresses *:443
## maybe: FirewallPorts PORTS
## See Tor manual: https://2019.www.torproject.org/docs/tor-manual.html.en
}}
Save.
{{Reload_Tor}}
This issue was also discussed [https://web.archive.org/web/20211028042010/https://sourceforge.net/projects/whonix/discussion/general/thread/3a0b673a/ in the old {{project_name_short}} forum].
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]