On Tuesday, 30 July 2024 18:34:44 CEST George Hartley via tor-relays wrote:
> I would definitely want to be able to change my exit policy by just sending
> a simple "kill -SIGHUP $pid".
>
> So yeah, consider myself interested in this functionality.
>
> But, don't we already have that implemented?
>
> I remember changing my exit policy then doing "systemctl reload tor" and
> after a few hours, Metrics showed that SSH was now also rejected.

It's not about changing the exit policy via reload. Yes, that's always been
possible.
It's about killing _existing_ connections that are currently DOSing us.

Example: 500K connections from IP 1.2.3.4
You create the reject policy,

    ExitPolicy reject 1.2.3.4/32:*

do a reload and the _existing_ connections are terminated.

In order for this to work you have to use the new config option:

    ReevaluateExitPolicy 1 # (Default 0)

And of course a version of Tor in which trinity's commit was merged ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays