[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] blocking >1 connections per ip address onto Tor DirPort



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I do have the following iptables rule here :

  # Tor
  #
  dirport=80
  orport=443

  $IPT -A INPUT -p tcp --destination-port $dirport --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
  $IPT -A INPUT -p tcp --destination-port $orport  --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP


which seems to work fine. An

	$> ip6tables -nvL  

gives

14110  746K DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80 ctstate NEW #conn src/32 > 1
 230K   14M DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 ctstate NEW #conn src/32 > 1

after few days so I do just like to ask here if the rules above are fine or if I overllooked something ?

- -- 
Toralf
PGP C4EACDDE 0076E94E
-----BEGIN PGP SIGNATURE-----

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWZM4sxccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTqnGAQCPr7gkpaxRD3spzKp49l53A2H0
YOzXrw8G8vR8BtHZPQD+NE4Zhf7Y0w0JtKqy6E5bSowikeSJsKSDur8zxO+kf8E=
=UPak
-----END PGP SIGNATURE-----
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays