
[tor-relays] Ensure servers with >2 relays per IP do not get hit by rate limiting firewalls (by other relays)



Hi Tor operators,

Some of us took/will take advantage of the increase in allowed Tor relays per IPv4 address[1] to reduce costs for running Tor relays. This change will result in more relays sharing the same source IP address than before, which means other relays using rate limits on their ORPorts might need to make sure they do not unintentionally block relay to relay connectivity.

Many relay operators deploy TCP SYN rate limiting packet filters these days due to the ongoing DDoS issues. With the increase in Tor relays per IPv4 address, there might be more (new) connections coming from the same source IP.

If you have strict TCP SYN rate limits per source IP, please ensure that this change does not result in blacklisting relay to relay traffic. You could for example whitelist relay IP addresses or have less strict rate limits for them.

Thanks for reading,

https://applied-privacy.net
https://nothingtohide.nl

[1] https://gitlab.torproject.org/tpo/core/tor/-/issues/40744
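
One way to apply the "less strict rate limits for relay IPs" option from the message above, as an added example that is not part of the original post or of any Tor project tooling: a small generator that turns a list of relay addresses into an nftables ruleset with a relaxed per-source limit for known relay IPs and a strict one for everyone else. The ORPort 9001, both rates, the table and set names and the sample addresses are assumptions; the rules cover IPv4 sources only, and the output should be checked with `nft -c -f` before loading.

```python
import ipaddress

# Constructed sample input: documentation-range addresses, one duplicate
# (several relays on one IP), one IPv6 entry and one malformed entry.
SAMPLE_RELAYS = ["192.0.2.10", "192.0.2.10", "198.51.100.7",
                 "2001:db8::1", "not-an-ip"]

def relay_ipv4_set(relay_addrs):
    """Return sorted, de-duplicated IPv4 relay addresses as strings."""
    seen = set()
    for raw in relay_addrs:
        try:
            seen.add(ipaddress.IPv4Address(raw.strip()))
        except ValueError:
            continue  # IPv6 or malformed: not part of this IPv4 set
    return [str(addr) for addr in sorted(seen)]

def render_ruleset(relay_addrs, orport=9001, relay_rate=40, default_rate=5):
    """Render nftables rules: relaxed SYN limit for relays, strict for others."""
    ips = relay_ipv4_set(relay_addrs)
    # nft rejects an empty "elements = { }", so omit the line when no IPs remain.
    elements = f"    elements = {{ {', '.join(ips)} }}\n" if ips else ""
    new_conn = f"tcp dport {orport} ct state new"
    return (
        "table inet orport_limit {\n"
        "  set relays {\n    type ipv4_addr\n" + elements + "  }\n"
        "  set relay_syn {\n    type ipv4_addr\n    flags dynamic\n    timeout 1m\n  }\n"
        "  set other_syn {\n    type ipv4_addr\n    flags dynamic\n    timeout 1m\n  }\n"
        "  chain input {\n"
        "    type filter hook input priority 0; policy accept;\n"
        # Known relay IPs: higher ceiling, then accept before the strict rule.
        f"    {new_conn} ip saddr @relays update @relay_syn "
        f"{{ ip saddr limit rate over {relay_rate}/second }} drop\n"
        f"    {new_conn} ip saddr @relays accept\n"
        # Everyone else: strict per-source limit.
        f"    {new_conn} update @other_syn "
        f"{{ ip saddr limit rate over {default_rate}/second }} drop\n"
        "  }\n}\n"
    )

if __name__ == "__main__":
    print(render_ruleset(SAMPLE_RELAYS))
```

The relay set has to be regenerated regularly from a current relay list, since addresses that leave the network would otherwise keep the relaxed limit.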