Re: [tor-relays] Tor DDoS Mitigation iptables scripts update. Version 4.0.1
- To: Anders Trier Olesen <anders.trier.olesen@xxxxxxxxx>
- Subject: Re: [tor-relays] Tor DDoS Mitigation iptables scripts update. Version 4.0.1
- From: Chris <tor@xxxxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2022 04:01:13 -0500
- Cc: Tor Mailing list <tor-relays@xxxxxxxxxxxxxxxxxxxx>

I see.

I put together a script that will apply the rules to two addresses at a
time. I suggest that you run it for two of your relays and see if it
helps. If it does, all you have to do is change the IP addresses and run
the script again until all your addresses are covered. It won't conflict
with the other rules.

And if it doesn't do what you're looking for, the script makes a backup
of your existing iptables rules. All you have to do is restore it and
everything goes back to how it was without having to reboot. You should
save that backup somewhere else, as the second time you run the script,
the original backup will be overwritten.

You can get it here:
https://raw.githubusercontent.com/Enkidu-6/tor-ddos/dev/multiple/multi-addr.sh

Please note that this script won't work for the relay that has two
ORPorts. For that, you need to run the following script:
https://github.com/Enkidu-6/tor-ddos/blob/dev/multiple/two-or.sh

Let me know how it goes if you decide to have a go at it.

Cheers.

On 12/3/2022 6:29 AM, Anders Trier Olesen wrote:
> Hi Chris
>
> > Not at all. That's how I'm running my own relays. Just run the
> > **combined.sh** on each individual VM and you'll be fine.
>
> We do not run VMs. We run 12 Tor instances on a single host, and use
> ORPort + OutboundBindAddress to separate them. I.e:
> root@tor-exit:/etc/tor/instances# grep 'OutboundBindAddress\|ORPort' */torrc
> dotsrcExit1/torrc:ORPort 185.129.61.1:443
> dotsrcExit1/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:1]:443
> dotsrcExit1/torrc:OutboundBindAddress 185.129.61.1
> dotsrcExit1/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:1]
> dotsrcExit10/torrc:ORPort 185.129.61.10:443
> dotsrcExit10/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:10]:443
> dotsrcExit10/torrc:OutboundBindAddress 185.129.61.10
> dotsrcExit10/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:10]
> dotsrcExit2/torrc:ORPort 185.129.61.2:443
> dotsrcExit2/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:2]:443
> dotsrcExit2/torrc:OutboundBindAddress 185.129.61.2
> dotsrcExit2/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:2]
> dotsrcExit3/torrc:ORPort 185.129.61.3:443
> dotsrcExit3/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:3]:443
> dotsrcExit3/torrc:OutboundBindAddress 185.129.61.3
> dotsrcExit3/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:3]
> dotsrcExit4/torrc:ORPort 185.129.61.4:443
> dotsrcExit4/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:4]:443
> dotsrcExit4/torrc:OutboundBindAddress 185.129.61.4
> dotsrcExit4/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:4]
> dotsrcExit5/torrc:ORPort 185.129.61.5:443
> dotsrcExit5/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:5]:443
> dotsrcExit5/torrc:OutboundBindAddress 185.129.61.5
> dotsrcExit5/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:5]
> dotsrcExit6/torrc:ORPort 185.129.61.6:443
> dotsrcExit6/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:6]:443
> dotsrcExit6/torrc:OutboundBindAddress 185.129.61.6
> dotsrcExit6/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:6]
> dotsrcExit7/torrc:ORPort 185.129.61.7:443
> dotsrcExit7/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:7]:443
> dotsrcExit7/torrc:OutboundBindAddress 185.129.61.7
> dotsrcExit7/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:7]
> dotsrcExit8/torrc:ORPort 185.129.61.8:443
> dotsrcExit8/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:8]:443
> dotsrcExit8/torrc:OutboundBindAddress 185.129.61.8
> dotsrcExit8/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:8]
> dotsrcExit9/torrc:ORPort 185.129.61.9:443
> dotsrcExit9/torrc:ORPort [2001:67c:89c:702:1ce:1ce:babe:9]:443
> dotsrcExit9/torrc:OutboundBindAddress 185.129.61.9
> dotsrcExit9/torrc:OutboundBindAddress [2001:67c:89c:702:1ce:1ce:babe:9]
> dotsrcRelay1/torrc:ORPort 130.225.244.90:443
> dotsrcRelay1/torrc:ORPort [2001:878:346:1cf9:446a:c4eb:4548:7061]:443
> dotsrcRelay1/torrc:OutboundBindAddress 130.225.244.90
> dotsrcRelay1/torrc:OutboundBindAddress [2001:878:346:1cf9:446a:c4eb:4548:7061]
> dotsrcRelay2/torrc:ORPort 130.225.244.90:9001
> dotsrcRelay2/torrc:ORPort [2001:878:346:1cf9:446a:c4eb:4548:7062]:9001
> dotsrcRelay2/torrc:OutboundBindAddress 130.225.244.90
> dotsrcRelay2/torrc:OutboundBindAddress [2001:878:346:1cf9:446a:c4eb:4548:7062]
>
> root@tor-exit:~# ip -br a
> lo UNKNOWN 127.0.0.1/8 ::1/128
> eth0@if11 UP 130.225.244.90/30 130.225.254.114/27 185.129.61.1/24
> 185.129.61.2/24 185.129.61.3/24 185.129.61.4/24 185.129.61.5/24
> 185.129.61.6/24 185.129.61.7/24 185.129.61.8/24 185.129.61.9/24
> 185.129.61.10/24
> 2001:67c:89c:702:1ce:1ce:babe:10/48 2001:67c:89c:702:1ce:1ce:babe:9/48
> 2001:67c:89c:702:1ce:1ce:babe:8/48 2001:67c:89c:702:1ce:1ce:babe:7/48
> 2001:67c:89c:702:1ce:1ce:babe:6/48 2001:67c:89c:702:1ce:1ce:babe:5/48
> 2001:67c:89c:702:1ce:1ce:babe:4/48 2001:67c:89c:702:1ce:1ce:babe:3/48
> 2001:67c:89c:702:1ce:1ce:babe:2/48 2001:67c:89c:702:1ce:1ce:babe:1/48
> 2001:878:346::114/48 2001:878:346:1cf9:446a:c4eb:4548:7062/48
> 2001:878:346:1cf9:446a:c4eb:4548:7061/48 fe80::216:3eff:fed5:6809/64
>
> root@tor-exit:~# ss -s
> Total: 139982
> TCP: 148318 (estab 128481, closed 8757, orphaned 527, timewait 8744)
>
> Transport Total IP IPv6
> RAW 1 0 1
> UDP 247 193 54
> TCP 139561 125849 13712
> INET 139809 126042 13767
> FRAG 0 0 0
>
> It would be really nice if you could update the scripts to support
> this kind of setup! And maybe also consider using plain nftables
> instead of relying on the legacy iptables compatibility layer :)
>
> Best regards
> Anders
>
> On Thu, Dec 1, 2022 at 6:42 PM Chris <tor@xxxxxxxxxxxxxxx> wrote:
>
> Hi Anders,
>
> Not at all. That's how I'm running my own relays. Just run the
> **combined.sh** on each individual VM and you'll be fine.
>
> As for the ORPort, yes, I agree. There are ways to read the torrc file
> and set the ORPort automatically. I will incorporate that into the
> scripts in future versions. My original intention was to put something
> simple together with minimum complexity that anyone with little or no
> expertise can understand and modify if necessary without breaking
> the code.
>
> I've also set up a [Discussion Board](https://github.com/Enkidu-6/tor-ddos/discussions)
> for the repository on github in case you have any questions, suggestions or
> simply need further help.
>
>
> On 12/1/2022 11:57 AM, Anders Trier Olesen wrote:
> > Hi Chris
> >
> > We run all the 12 dotsrc relays on a single host with many IP
> > addresses. Would we need to change anything?
> >
> > Btw, you can make the scripts find all the OR ports by running
> > something like ‘ss -pl | grep tor’.
> >
> > - Anders
> >
> > On Thu, Dec 1, 2022 at 09:02, Chris <tor@xxxxxxxxxxxxxxx> wrote:
> >
> > Background:
> >
> > A set of bash scripts used to apply iptables rules to fight the current
> > DDoS attacks. They require no dependencies to install except
> > iptables/nftables which all Linux flavors already have and require no
> > particular expertise. The issue was discussed here:
> >
> > [issue 40093](https://gitlab.torproject.org/tpo/community/support/-/issues/40093)
> >
> > Change log:
> >
> > Some modifications due to a change in the nature of the attacks.
> >
> > - Reordered rules for more efficiency and reducing the load
> > - Removed the hashlimit rule as it puts more load on the system with not
> > much overall benefit as the attackers have adapted to it and it reduces
> > the size of the block list.
> > - Reduce the number of allowed concurrent connections to 2 if you're not
> > a relay.
> > - Use of remove.sh cron script at regular intervals (optional) will give
> > relays a chance to create up to 4 connections if they need to.
> > - Created a new cron file **refresh-authorities.sh** to refresh
> > your allow-list with the most up to date IP addresses for the
> > authorities and snowflake. Should be run daily.
> > - Removed an unnecessary line in the update files.
> > - Modified Readme.MD file to reflect new changes.
> >
> > The new modifications have been tested for two weeks now and the systems
> > are running smoothly with no ill effect.
> >
> > You can read more and download here:
> >
> > [Enkidu-6 tor-ddos on Github](https://github.com/Enkidu-6/tor-ddos)
> >
> > To avoid occasional NTor drops a minimum NumCPUs 16 in torrc is
> > recommended.
> >
> > P.S.
> > The NumCPUs option is unfortunately poorly documented. It really has
> > nothing to do with the number of CPUs you have. It's about the number of
> > worker threads Tor will create to deal with decryption of onionskins. So
> > you can have two CPUs and still set NumCPUs to 16.
> >
> >
>
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays