[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Reapply exit policy on reload



On Dienstag, 30. Juli 2024 18:34:44 CEST George Hartley via tor-relays wrote:
> I would definitely want to be able to change my exit policy by just sending
> a simple "kill -SIGHUP $pid".
> 
> So yeah, consider myself interested in this functionality.
> 
> But, don't we already have that implemented?
> 
> I remember changing my exit policy then doing "systemctl reload tor" and
> after a few hours, Metrics showed that SSH was now also rejected.

It's not about changing the exit policy via reload. Yes, that's always been 
possible.

It's about killing _existing_ connections that are currently DOSing us.

Example: 500K connections from IP 1.2.3.4
You create the reject policy,
ExitPolicy reject 1.2.3.4/32:*
do a reload and the _existing_ connections are terminated.

In order for this to work you have to use the new config option:
ReevaluateExitPolicy 1   # (Default 0)


And of course a version of Tor in which trinity's commit was merged ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays