<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <p><font size="-1"><font face="Arial">Compare.sh will tell you how
          many of the IPs in the block list are relays. You've collected
          a lot more IPs in your block list. Open a terminal and type:<br>
        </font></font></p>
    <p><font size="-1"><font face="Arial"> ipset -L tor-ddos and you'll
          see how many IPs are sitting in your block list.</font></font></p>
    <p><font size="-1"><font face="Arial"><br>
        </font></font></p>
    <div class="moz-cite-prefix">On 10/6/2022 1:13 PM, Richie wrote:<br>
    </div>
    <blockquote type="cite"
      cite="mid:9200188f-ac88-ddbf-90db-00f1183f9f58@zuviel.org">Hoi,
      Chris,
      <br>
      <br>
      oh wow, that seems to help a lot. Uptime 1/2 hour now, load 50-60%
      and six IPs collected according to compare.sh. No signs of
      overload yet.
      <br>
      <br>
      Thanks a lot, and i'll report, how things evolved. ATM, it looks
      like you can add the "n00b proof"-stamp to your concept :)
      <br>
      <br>
      Greets and thanks again,
      <br>
      Richie
      <br>
      <br>
      Am 06.10.22 um 11:47 schrieb Chris:
      <br>
      <blockquote type="cite">Hi Richie
        <br>
        <br>
        I was a bit lost myself having to deal with the scripts and
        additional packages to install. So I put something together for
        myself based on the same rules and added a few twists but in a
        simple text n00b proof format. It's as simple as copy and paste
        and because it's all in clear text, you can modify it without
        worrying about breaking any script. My rules are a tad more
        strict but you can modify them as you wish. But the concept is
        what @toralf has been implementing with a few twists for
        efficiency's sake.
        <br>
        <br>
        You can find them here:
        <br>
        <br>
        <a class="moz-txt-link-freetext" href="https://github.com/Enkidu-6/tor-ddos">https://github.com/Enkidu-6/tor-ddos</a>
        <br>
        <br>
        <br>
        On 10/3/2022 6:26 AM, Richie wrote:
        <br>
        <blockquote type="cite">Hi, toralf,
          <br>
          <br>
          since i'm quite a n00b regarding iptables and shellscripts:
          are there somewhere n00b-proof setup instructions for the ddos
          protection scripts?
          <br>
          here: relay (schlafschaf) with the usual connection floods,
          running on Kubuntu (latest LTS)
          <br>
          <br>
          What i found out:
          <br>
          ipset is not installed per default, added via
          <br>
          sudo apt-get install iptables
          <br>
          Also installed as recommended: stem, jq
          <br>
          <br>
          Trivial, nevertheless: edited the ORPort address on Line 122
          <br>
          Outcommented Lines 79-103 (hetzner, zwiebeltoralf only)
          <br>
          <br>
          running the script results in output as with iptables -L,
          containing
          <br>
          tcp dpt:443 #conn src/32 > 30
          <br>
          @ the "chain input ACCEPT" line
          <br>
          and no entries in the chain PREROUTUNG, OUTPUT, PREROUTING and
          OUTPUT lines.
          <br>
          <br>
          Strange: sudo watch ipv4-rules.sh results in
          <br>
          1: ipv4-rules.sh: not found
          <br>
          <br>
          My apologies if its not the right place to ask.
          <br>
          greetz
          <br>
          Korrupt
          <br>
          <br>
          Am 03.10.22 um 09:43 schrieb Toralf Förster:
          <br>
          <blockquote type="cite">On 9/30/22 17:57, Sandro Auerbach
            wrote:
            <br>
            <blockquote type="cite">30 minutes later still 22000
              connections...
              <br>
              Have you observed something similar?
              <br>
            </blockquote>
            <br>
            I reduced those spikes [1] by using certain iptables rules
            [2].
            <br>
            <br>
            <br>
            [1] <a class="moz-txt-link-freetext" href="https://github.com/toralf/torutils/blob/main/sysstat.svg">https://github.com/toralf/torutils/blob/main/sysstat.svg</a>
            <br>
            [2] <a class="moz-txt-link-freetext" href="https://github.com/toralf/torutils">https://github.com/toralf/torutils</a>
            <br>
            <br>
            <br>
            _______________________________________________
            <br>
            tor-relays mailing list
            <br>
            <a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
            <br>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
            <br>
          </blockquote>
          <br>
          _______________________________________________
          <br>
          tor-relays mailing list
          <br>
          <a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
          <br>
<a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
          <br>
        </blockquote>
      </blockquote>
      <br>
      _______________________________________________
      <br>
      tor-relays mailing list
      <br>
      <a class="moz-txt-link-abbreviated" href="mailto:tor-relays@lists.torproject.org">tor-relays@lists.torproject.org</a>
      <br>
      <a class="moz-txt-link-freetext" href="https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays">https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays</a>
      <br>
    </blockquote>
  </body>
</html>