Hi Richie

I was a bit lost myself having to deal with the scripts and additional packages to install. So I put something together for myself based on the same rules and added a few twists but in a simple text n00b proof format. It's as simple as copy and paste and because it's all in clear text, you can modify it without worrying about breaking any script. My rules are a tad more strict but you can modify them as you wish. But the concept is what @toralf has been implementing with a few twists for efficiency's sake.

You can find them here:

https://github.com/Enkidu-6/tor-ddos


On 10/3/2022 6:26 AM, Richie wrote:
Hi, toralf,

since i'm quite a n00b regarding iptables and shellscripts: are there somewhere n00b-proof setup instructions for the ddos protection scripts?
here: relay (schlafschaf) with the usual connection floods, running on Kubuntu (latest LTS)

What i found out:
ipset is not installed per default, added via
sudo apt-get install iptables
Also installed as recommended: stem, jq

Trivial, nevertheless: edited the ORPort address on Line 122
Outcommented Lines 79-103 (hetzner, zwiebeltoralf only)

running the script results in output as with iptables -L, containing
tcp dpt:443 #conn src/32 > 30
@ the "chain input ACCEPT" line
and no entries in the chain PREROUTUNG, OUTPUT, PREROUTING and OUTPUT lines.

Strange: sudo watch ipv4-rules.sh results in
1: ipv4-rules.sh: not found

My apologies if its not the right place to ask.
greetz
Korrupt

Am 03.10.22 um 09:43 schrieb Toralf Förster:
On 9/30/22 17:57, Sandro Auerbach wrote:
30 minutes later still 22000 connections...
Have you observed something similar?

I reduced those spikes [1] by using certain iptables rules [2].


[1] https://github.com/toralf/torutils/blob/main/sysstat.svg
[2] https://github.com/toralf/torutils


_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays