
Re: [tor-relays] Reapply exit policy on reload



This is already impossible, as both circuit and concurrent connection DoS get detected and the IP in question is flagged and blacklisted.

Please see the manual on this:

https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled

All the best,
George

On Sunday, August 4th, 2024 at 12:30 AM, lists@xxxxxxxxxxxxxxx <lists@xxxxxxxxxxxxxxx> wrote:

> On Tuesday, 30 July 2024 18:34:44 CEST George Hartley via tor-relays wrote:
>
> > I would definitely want to be able to change my exit policy by just sending
> > a simple "kill -SIGHUP $pid".
> >
> > So yeah, consider myself interested in this functionality.
> >
> > But, don't we already have that implemented?
> >
> > I remember changing my exit policy then doing "systemctl reload tor" and
> > after a few hours, Metrics showed that SSH was now also rejected.
>
> It's not about changing the exit policy via reload. Yes, that's always been
> possible.
>
> It's about killing existing connections that are currently DOSing us.
>
> Example: 500K connections from IP 1.2.3.4
> You create the reject policy,
> ExitPolicy reject 1.2.3.4/32:*
> do a reload and the existing connections are terminated.
>
> In order for this to work you have to use the new config option:
> ReevaluateExitPolicy 1 # (Default 0)
>
> And of course a version of Tor in which trinity's commit was merged ;-)
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Attachment: publickey - hartley_george@proton.me - 0xAEE8E00F.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
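
The reload procedure described in the quoted message (pick the address, add a reject line, enable ReevaluateExitPolicy, reload), as an added example that is not from either poster or from the Tor Project. The function names, the threshold and the sample table are constructed; it assumes the row layout of `ss -Htn` and handles IPv4 peers only.

```shell
#!/bin/sh
# Added example, not from the thread: build the torrc lines for the reload
# procedure from a connection table. Names and sample data are constructed.

# Constructed sample in the row layout of `ss -Htn`:
# State Recv-Q Send-Q Local:Port Peer:Port (documentation addresses only).
sample_ss() {
cat <<'EOF'
ESTAB     0 0 203.0.113.10:40112 198.51.100.7:443
ESTAB     0 0 203.0.113.10:40113 198.51.100.7:443
ESTAB     0 0 203.0.113.10:40114 198.51.100.7:80
TIME-WAIT 0 0 203.0.113.10:40115 198.51.100.7:443
ESTAB     0 0 203.0.113.10:40116 192.0.2.55:22
ESTAB     0 0 [2001:db8::10]:40117 [2001:db8::99]:443
EOF
}

# reject_lines MIN: read ss rows on stdin, print one ExitPolicy reject line
# per IPv4 peer with at least MIN established connections (IPv6 rows skipped).
reject_lines() {
    awk -v min="$1" '
        $1 == "ESTAB" {
            peer = $5
            sub(/:[0-9]+$/, "", peer)      # drop the port
            if (peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) n[peer]++
        }
        END {
            for (ip in n)
                if (n[ip] >= min) printf "ExitPolicy reject %s/32:*\n", ip
        }' | sort
}

# torrc_fragment MIN: the option from the thread plus the generated rejects.
# Place the output above existing ExitPolicy lines (the first match wins).
torrc_fragment() {
    echo "ReevaluateExitPolicy 1"
    reject_lines "$1"
}

# On a relay: ss -Htn | torrc_fragment 1000, review the result, add it to
# torrc, then reload with "systemctl reload tor" or kill -SIGHUP "$pid".
sample_ss | torrc_fragment 3
```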
