Re: [tor-relays] How to block IP address on exit node relay

Subject: Re: [tor-relays] How to block IP address on exit node relay

From: Niles Rogoff <me@xxxxxxxxxxx>

Date: Tue, 27 Aug 2013 00:10:45 -0400

Delivery-date: Tue, 27 Aug 2013 00:11:21 -0400

Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:content-type; bh=29a375Obpo2TenhPz9S3lCz2VmIRXIji5yzA1qunUhg=; b=oa2du446YUIHTFIZvg8J7sogLht81uDZpXwXNdbGBLG8i30hcutfk+TwawnhCWNhhy aQQK6TWYe8SZ98mv4kMiJHLlBRB/9kuQRZtoTXuGM0pv8cynKlDTQEBAmyiIDvnzKYFk FHd57h5vo5rwwD6HGD1R8D1TjBoIgbX7VS0I5ozB2nCCNaf1uwqj7+z+Vr0/Yblxi4bW JtlhN6c4xFQ3vhgT5wRTMQw9H+WH4RYRSbp19B4uKBictxCLKbD3UaMLnqql5NV75GKH ie+WV1LVpFbZZFCGdYFZMAMt2th2mCIrq3n25SMJdZvqoD41GjeqqyAdYZCJR3OGryxX Cerg==

In-reply-to: <521C21AA.6020100@xxxxxxxxxxxxxx>

List-archive: <http://lists.torproject.org/pipermail/tor-relays/>

List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>

List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>

List-post: <mailto:tor-relays@lists.torproject.org>

List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>

List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>

References: <07327B8C-0EBE-4FFF-8698-1A204FF932C5@xxxxxxxxxx> <521C21AA.6020100@xxxxxxxxxxxxxx>

Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx

Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

For an enter policy, there is the ExcludeNodes config option, which defines relays or locales never to be used in circuits.

On Mon, Aug 26, 2013 at 11:48 PM, krishna e bera <keb@xxxxxxxxxxxxxx> wrote:

On 13-08-26 04:57 PM, Piotrkowska wrote:
> I am running an exit node under reduced exit policy on a VPS. My
> provider requested that I block a specific IP address due to spam
> issues. I'm guessing I should add a line in the torrc file. Can
> anyone tell me the exact line I have to add to the torrc file to
> block the address?
>
> Something like: "reject 12.34.567.89" ?

Yes that exit policy would work, assuming that your provider wants to
block traffic from your exit node having that ip address as its
*destination*. You could specify a specific port as well, to avoid
blocking non-spam traffic of different types to that machine.

If your provider intends for traffic having that ip address as its
*origin* to be blocked, you will not be able to do so at your exit node.
I don't know of any such thing as an "entry policy" nor recommendations
for tor relay operators other than using good security practices to fend
off attacks.
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays