
Re: [tor-relays] DDOS mitigation with nftables



On Tuesday, 22 October 2024 19:24 Top wrote:

> My tor relays[1] traffic decreased a lot and I think this *might* be
> connected to some kind of DDOS attack.
> So I wanted to use this situation to set up some DDOS protection.
> For that I stumbled upon Enkidu's tor DDOS mitigation script. [2]
> However, this script is made for `iptables`, not `nftables`.
> I use `firewalld` with `nftables` on my system, since this seems to be
> the new default. [3]
> I don't really know that much about firewalls, so this situation
> overwhelms me a bit.

> So how can I apply proper DDOS protection firewall rules whilst using
> `nftables`?
> Is there some easy way to modify the script to make it work?

Nftables is just a single simple text file ;-)

My nftables examples:
https://github.com/boldsuck/tor-relay-bootstrap/tree/nft/etc

It's actually the same thing that Bo posted here:
https://gitlab.torproject.org/tpo/community/support/-/issues/40093

If you have an exit, surgprotector is more suitable.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays