This is already impossible, as both circuit and concurrent connection DoS get detected and the IP in question flagged and blacklisted.

Please see the manual on this:

https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled

All the best,
George

On Sunday, August 4th, 2024 at 12:30 AM, lists@xxxxxxxxxxxxxxx <lists@xxxxxxxxxxxxxxx> wrote:

> On Tuesday, 30 July 2024 18:34:44 CEST George Hartley via tor-relays wrote:
>
> > I would definitely want to be able to change my exit policy by just sending
> > a simple "kill -SIGHUP $pid".
> >
> > So yeah, consider myself interested in this functionality.
> >
> > But, don't we already have that implemented?
> >
> > I remember changing my exit policy then doing "systemctl reload tor" and
> > after a few hours, Metrics showed that SSH was now also rejected.
>
> It's not about changing the exit policy via reload. Yes, that's always been
> possible.
>
> It's about killing existing connections that are currently DOSing us.
>
> Example: 500K connections from IP 1.2.3.4
> You create the reject policy,
> ExitPolicy reject 1.2.3.4/32:*
> do a reload and the existing connections are terminated.
>
> In order for this to work you have to use the new config option:
> ReevaluateExitPolicy 1 # (Default 0)
>
> And of course a version of Tor in which trinity's commit was merged ;-)
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays