
Re: [tor-relays] webiron requesting to block several /24 subnet



Maybe something to add because I ran into a mistake:

ExitPolicy is a first-match scenario.
The reject rules for abuse reports and stuff have to be the first ones, afterwards your accept rules and then a reject *:*.

For example my current policy is:

ExitPolicy reject 5.133.182.0/24 # WebIron report
ExitPolicy reject 80.14.2.87/16 # [Ticket ID: 960950]
ExitPolicy reject 37.247.48.0/21 # #214673
ExitPolicy reject 62.67.194.130 # [Ticket ID: 869382]

ExitPolicy accept *:53        # DNS
ExitPolicy accept *:80        # HTTP
ExitPolicy accept *:8080      # HTTP
ExitPolicy accept *:443       # HTTPS
ExitPolicy reject *:*

~Josef

On 16.11.2015 at 13:01, Tim Wilson-Brown - teor wrote:

On 16 Nov 2015, at 22:58, Cristian Consonni <kikkocristian@xxxxxxxxx> wrote:

Ok, so you did block a range for a limited period. I will need to
learn how to do that.

Try:
ExitPolicy reject4 1.2.3.4/24:*

There's an extensive description of ExitPolicy in the tor man page.

Tim

Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP 968F094B

teor at blah dot im
OTR CAD08081 9755866D 89E2A06F E3558B7F B5A9D14F



_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
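
Added example, not part of the original messages and not Tor's own code: a simplified first-match evaluator in Python, run over the policy quoted in the message above, showing that the same lines with the accept rules moved to the top let connections to a rejected range through. It assumes IPv4 only, single ports or `*`, and plain accept/reject keywords; `parse_policy`, `decide` and `accepts_first` are names made up for this sketch.

```python
import ipaddress

# The rules from the message above, in the order given there (rejects first).
REJECTS_FIRST = """\
ExitPolicy reject 5.133.182.0/24 # WebIron report
ExitPolicy reject 80.14.2.87/16 # [Ticket ID: 960950]
ExitPolicy reject 37.247.48.0/21 # #214673
ExitPolicy reject 62.67.194.130 # [Ticket ID: 869382]
ExitPolicy accept *:53        # DNS
ExitPolicy accept *:80        # HTTP
ExitPolicy accept *:8080      # HTTP
ExitPolicy accept *:443       # HTTPS
ExitPolicy reject *:*
"""

def parse_policy(text):
    """Return [(action, network, port)] in file order; port None means any."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop the trailing comment
        if len(fields) != 3 or fields[0] != "ExitPolicy":
            continue
        action, pattern = fields[1], fields[2]
        addr, _, port = pattern.partition(":")   # a missing port means any port
        # strict=False tolerates host bits in the prefix (80.14.2.87/16)
        net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr, strict=False)
        rules.append((action, net, None if port in ("", "*") else int(port)))
    return rules

def decide(rules, ip, port):
    """First matching rule wins; later rules are never consulted."""
    ip = ipaddress.ip_address(ip)
    for action, net, rule_port in rules:
        if ip in net and rule_port in (None, port):
            return action
    return "reject"  # simplification in this sketch: no match is a reject

def accepts_first(text):
    """Constructed mis-ordering: the same lines with accept rules moved to the top."""
    lines = text.splitlines()
    # sorted() is stable, so relative order inside each group is kept
    return "\n".join(sorted(lines, key=lambda l: " accept " not in l))
```

With the rejects first, `decide(parse_policy(REJECTS_FIRST), "5.133.182.10", 443)` returns `"reject"`; with `accepts_first(REJECTS_FIRST)` the `accept *:443` line matches before the range rule is reached and the result is `"accept"`.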
