On Dienstag, 27. August 2024 00:44:02 CEST Roger Dingledine wrote: > > BridgeRelay 1 > > ORPort <port> > > ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy > > ServerTransportListenAddr obfs4 0.0.0.0:<port> > > ExtORPort auto > > ExitPolicy reject *:* > > ``` > > Looks good. You don't need the ExitPolicy line (you're just setting it > to the default), but it doesn't hurt to have it there. Yes, ExitPolicy reject *:* is default on non Exit relays but Socks port 9050 is open by default, I close it when not needed. SocksPort 0 SocksPolicy reject * the same applies to ControlPort: ControlPort 0 Once your bridge has been running stable for a few weeks, an advanced but experimental feature is to hide OrPort. ORPort 127.0.0.1:<port> ORPort [::1]:<port> AssumeReachable 1 > > > I have set two limits on the connections: > > ``` > > BandwidthRate 300 MBytes # I want to determine how much bandwidth I can > > allocate without impacting my network usage. IPv4Only > > ``` > > That's a huge bandwidthrate, so I expect your bridge will never get > anywhere close to reaching it. This is fine too. Also be sure to learn > about 'BandwidthBurst' in case its behavior is surprising to you. > If a bridge reaches 20-30 MBytes, that's already a lot. There are only very few (guard|exit) relays on Tor-Metrics that reach 100 MBytes. > Should an anti DDoS system be configured? You don't need that with a bridge, nor sysctl foo with a 1G nic and 1 - 2 relays. Apart from disabling ipv6 autoconf & dad, I leave the Debian defaults. -- ╰_╯ Ciao Marco! Debian GNU/Linux It's free software and it gives you freedom!
Attachment:
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays