<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
            class="Q4iAWc">An effect can definitely be seen.</span></span>
        <span class="JLqJ4b ChMk0b"><span class="Q4iAWc"><br>
          </span></span></span></p>
    <p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
            class="Q4iAWc">I now have an average of 30 relays and over
            600 IPs in the block list.</span></span></span></p>
    <p><span class="VIiyi" lang="en"><span class="JLqJ4b ChMk0b"><span
            class="Q4iAWc"><br>
          </span></span></span></p>
    <div class="moz-cite-prefix">Am 07.10.22 um 09:18 schrieb Chris:<br>
    </div>
    <blockquote type="cite"
      cite="mid:bc514f77-9e3b-ae6d-f1df-44ac68c00fd5@wcbsecurity.com">
      <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
      <p><font size="-1"><font face="Arial">Compare.sh will tell you how
            many of the IPs in the block list are relays. You've
            collected a lot more IPs in your block list. Open a terminal
            and type:<br>
          </font></font></p>
      <p><font size="-1"><font face="Arial"> ipset -L tor-ddos and
            you'll see how many IPs are sitting in your block list.</font></font></p>
      <p><font size="-1"><font face="Arial"><br>
          </font></font></p>
      <div class="moz-cite-prefix">On 10/6/2022 1:13 PM, Richie wrote:<br>
      </div>
      <blockquote type="cite"
        cite="mid:9200188f-ac88-ddbf-90db-00f1183f9f58@zuviel.org">Hoi,
        Chris, <br>
        <br>
        oh wow, that seems to help a lot. Uptime 1/2 hour now, load
        50-60% and six IPs collected according to compare.sh. No signs
        of overload yet. <br>
        <br>
        Thanks a lot, and i'll report, how things evolved. ATM, it looks
        like you can add the "n00b proof"-stamp to your concept :) <br>
        <br>
        Greets and thanks again, <br>
        Richie <br>
        <br>
        Am 06.10.22 um 11:47 schrieb Chris: <br>
        <blockquote type="cite">Hi Richie <br>
          <br>
          I was a bit lost myself having to deal with the scripts and
          additional packages to install. So I put something together
          for myself based on the same rules and added a few twists but
          in a simple text n00b proof format. It's as simple as copy and
          paste and because it's all in clear text, you can modify it
          without worrying about breaking any script. My rules are a tad
          more strict but you can modify them as you wish. But the
          concept is what @toralf has been implementing with a few
          twists for efficiency's sake. <br>
          <br>
          You can find them here: <br>
          <br>
          <a class="moz-txt-link-freetext"
            href="https://github.com/Enkidu-6/tor-ddos"
            moz-do-not-send="true">https://github.com/Enkidu-6/tor-ddos</a>
          <br>
          <br>
          <br>
          On 10/3/2022 6:26 AM, Richie wrote: <br>
          <blockquote type="cite">Hi, toralf, <br>
            <br>
            since i'm quite a n00b regarding iptables and shellscripts:
            are there somewhere n00b-proof setup instructions for the
            ddos protection scripts? <br>
            here: relay (schlafschaf) with the usual connection floods,
            running on Kubuntu (latest LTS) <br>
            <br>
            What i found out: <br>
            ipset is not installed per default, added via <br>
            sudo apt-get install iptables <br>
            Also installed as recommended: stem, jq <br>
            <br>
            Trivial, nevertheless: edited the ORPort address on Line 122
            <br>
            Outcommented Lines 79-103 (hetzner, zwiebeltoralf only) <br>
            <br>
            running the script results in output as with iptables -L,
            containing <br>
            tcp dpt:443 #conn src/32 > 30 <br>
            @ the "chain input ACCEPT" line <br>
            and no entries in the chain PREROUTUNG, OUTPUT, PREROUTING
            and OUTPUT lines. <br>
            <br>
            Strange: sudo watch ipv4-rules.sh results in <br>
            1: ipv4-rules.sh: not found <br>
            <br>
            My apologies if its not the right place to ask. <br>
            greetz <br>
            Korrupt <br>
            <br>
            Am 03.10.22 um 09:43 schrieb Toralf Förster: <br>
            <blockquote type="cite">On 9/30/22 17:57, Sandro Auerbach
              wrote: <br>
              <blockquote type="cite">30 minutes later still 22000
                connections... <br>
                Have you observed something similar? <br>
              </blockquote>
              <br>
              I reduced those spikes [1] by using certain iptables rules
              [2]. <br>
              <br>
              <br>
              [1] <a class="moz-txt-link-freetext"
                href="https://github.com/toralf/torutils/blob/main/sysstat.svg"
                moz-do-not-send="true">https://github.com/toralf/torutils/blob/main/sysstat.svg</a>
              <br>
              [2] <a class="moz-txt-link-freetext"
                href="https://github.com/toralf/torutils"
                moz-do-not-send="true">https://github.com/toralf/torutils</a>
              <br>
              <br>
              <br>
              _______________________________________________ <br>
              tor-relays mailing list <br>
              <a class="moz-txt-link-abbreviated moz-txt-link-freetext"
                href="mailto:tor-relays@lists.torproject.org"
                moz-do-not-send="true">tor-relays@lists.torproject.org</a>
              <br>
              <a class="moz-txt-link-freetext"
                href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
                moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
              <br>
            </blockquote>
            <br>
            _______________________________________________ <br>
            tor-relays mailing list <br>
            <a class="moz-txt-link-abbreviated moz-txt-link-freetext"
              href="mailto:tor-relays@lists.torproject.org"
              moz-do-not-send="true">tor-relays@lists.torproject.org</a>
            <br>
            <a class="moz-txt-link-freetext"
              href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
              moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
            <br>
          </blockquote>
        </blockquote>
        <br>
        _______________________________________________ <br>
        tor-relays mailing list <br>
        <a class="moz-txt-link-abbreviated moz-txt-link-freetext"
          href="mailto:tor-relays@lists.torproject.org"
          moz-do-not-send="true">tor-relays@lists.torproject.org</a> <br>
        <a class="moz-txt-link-freetext"
          href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays"
          moz-do-not-send="true">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
        <br>
      </blockquote>
      <br>
      <fieldset class="moz-mime-attachment-header"></fieldset>
      <pre class="moz-quote-pre" wrap="">_______________________________________________
tor-relays mailing list
<a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
</pre>
    </blockquote>
  </body>
</html>