[tor-relays] Exit policy reject fails
Hello @all,
I have a problem with a reject rule which seems to fail.
Due to a message from WebIron against my exit relay I wanted to block a
subnet. My exit policy looks like this:
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80 # HTTP
ExitPolicy accept *:8080 # HTTP 2
ExitPolicy accept *:443 # HTTPS
ExitPolicy reject 5.133.182.0/24 # WebIron report
ExitPolicy reject *:*
After I added the reject rule I reloaded tor and thought the case was
done. But WebIron keeps sending me messages because of "ongoing attacks"
against a host in that subnet. Of course I trusted the reject rule and
ignored them. After the 6th mail I got suspicious and added an iptables
ACCEPT rule in my OUTPUT chain to have a look if there is really a
traffic flow. I just received another mail and checked the packet counter:
Chain OUTPUT (policy ACCEPT 116M packets, 159G bytes)
num  pkts bytes target  prot opt in  out  source          destination
2     142  8304 ACCEPT  all  --  *   *    31.220.45.6/32  5.133.182.0/24  /* WebIron Block check */
There is traffic flowing from my relay IP 31.220.45.6 to the subnet. Can
somebody please give me a hint about what I'm doing wrong?
Link to the relay in case you need more information:
https://atlas.torproject.org/#details/29E3D95332812F81F67FF31B3B1B842683D1C309
Thanks in advance,
~Josef
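
Tor evaluates ExitPolicy entries first to last and the first match wins, so an accept for a port that is listed before a subnet reject still allows that port to the subnet. The following is an added example, not part of the original post and not tor's own code: a minimal IPv4-only first-match evaluator run over the posted policy and over a reordered copy. The names `parse`, `decide`, `move_rejects_first` and the host 5.133.182.10 are constructed for illustration.

```python
import ipaddress

# Policy as posted in the message above (inline comments stripped).
POSTED = """\
accept *:53
accept *:80
accept *:8080
accept *:443
reject 5.133.182.0/24
reject *:*
"""

def parse(policy_text):
    """Parse 'accept|reject ADDR[/MASK][:PORT]' lines into (action, network, port) rules."""
    rules = []
    for line in policy_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        action, pattern = line.split()
        addr, _, port = pattern.partition(":")  # IPv4 patterns only in this sketch
        net = None if addr == "*" else ipaddress.ip_network(addr)  # None = any address
        # An omitted port is treated like '*': None = any port
        rules.append((action, net, None if port in ("", "*") else int(port)))
    return rules

def decide(rules, ip, port):
    """Return (action, rule_index) of the first matching rule; later rules are never consulted."""
    ip = ipaddress.ip_address(ip)
    for i, (action, net, rule_port) in enumerate(rules):
        if (net is None or ip in net) and (rule_port is None or rule_port == port):
            return action, i
    return "reject", None  # simplification for this sketch when nothing matches

def move_rejects_first(policy_text):
    """Reorder so address-specific reject lines come before every accept line."""
    lines = policy_text.splitlines()
    specific = [l for l in lines if l.startswith("reject") and not l.startswith("reject *")]
    return "\n".join(specific + [l for l in lines if l not in specific]) + "\n"

if __name__ == "__main__":
    host = "5.133.182.10"  # constructed address inside the reported /24
    for name, text in (("posted", POSTED), ("reordered", move_rejects_first(POSTED))):
        print(name, [(p, decide(parse(text), host, p)) for p in (80, 443, 22)])
```

With the posted order, port 80 and 443 to the subnet are decided by the accept lines; with the subnet reject moved to the top, the same destinations are rejected while other hosts keep the four allowed ports.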