[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Protecting exit-nodes by GeoIP based policy

On Mon, Sep 11, 2006 at 10:15:56AM CEST, glymr wrote:

Anyway, I've written the script, but I won't release it, since it
creates a vast amount of exit policy rules, which (I guess) would not be
acceptable :-/

In the native variant excluding all german subnets would be something
like 7000 lines of exit policies. Then I added some fuzzyness and also
filtered the IPs between two subnets, if the gaps between two ip-ranges
is $close enough. Still I had something like 3000 lines of exit policies
(for germany only). 

Either people will have to use really large sets of false positives (i.e.
filtering traffic even if the IP is not in the country they wanted), or
there'll has to be another way of doing this.

-- Lexi

> I may be mistaken, but just as is the practise with the linux kernel, it
> is not permissible to mix licenses when only interfaces are used, mixing
> licenses within a gpl licensed software unit is tainting the license but
> using an exported interface is not. The only thing that would be
> required would be a second license display to cover the two pieces of
> differently licensed software. GeoIP, as far as I know, has an
> interface, and does not have to be meshed directly with any software
> using it.
> > Maybe later today I might write a small bash-script that takes
> > GeoIP-Data and a tor-operators wishes and creates a set of
> > exit-policies. Then you have two separated solutions (thus the licenses
> > should not clash) and can integrate that in your current setup.
> > 
> > -- Lexi
> > 

Odwk.-Dlcrit. Kpxd Wdtpldodn, Ijht 4222, Qpk: +49 241 80 21419
IBQV Jjgvpl, Dlcritjqdy DU, Jvrilnqi. 55 - 52056 Jjgvpl - Spitjlz
| Oiht npdo lhi eiju hlo mpdsq phgv thnqpivjcq,
| Kjnnq Wvjlqjndp, tdq jkkpl dvipl Gvrpipl,
| Upilhlcq, Upinqjlo, Ptwcdlohls, Kpdoplngvjcq,
| Orgv, tpiyq phgv brvk! ldgvq rvlp Ljiivpdq vrpipl.