On Sat, 4 Jun 2011 01:31:10 -0700 Mike Perry <mikeperry@xxxxxxxxxx> wrote: > Thus spake Jesus Cea (jcea@xxxxxxx): > > > On 03/06/11 16:13, tagnaq wrote: > > > If one out of 1000 circuits through your relay are failing because you > > > filter 443 while relaying 50Mbit/s I would find it acceptable, > > > but I fear it are far more. Do you have any stats? (I'm not sure how to > > > gather them.) > > > Mikes opinion is also be very valuable on such topics. > > > > If somebody can tell me where to look... > > You likely need to taylor your iptables rules to also log when you > reject these connections: > http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html This is a *very* dangerous thing for *any* relay to do. Does iptables have support for âcountersâ? > P.P.S. Your ISP is really crazy. I think âevilâ is more appropriate here -- on the other hand, âsufficiently advanced cluelessness is indistinguishable from maliceâ. > Have you thought about giving them a > link to a torstatus directory of Tor IPs so they can feed it to their > stupid IDS to whitelist for purposes of outgoing connections? We can > probably induce torstatus to produce a csv of this IP set if would > help. If, as Moritz Bartl said, his ISP's current Terms of Service for new customers explicitly prohibit Tor, they are likely to respond to this by making up an excuse to turn off his server completely. Robert Ransom
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays