My bad. Never seen this before. I there a good reason for the accept 133.0.0.0/8:80 ?
niftybunny
On 26. Mar 2020, at 15:06, gerard@bulger.co.uk wrote:
"btw, you need to have at least port 80 and 443 … port 80 is missing …"
It there. But to a /8 area IPV4, all IPv6
I have not changed my exit policy for years. Port 80 is there, just limited to a /8 network and all IPv6 addresses port 80 allowed. 443 all there IPv4 and IPv6
Testing seems to be exiting OK, but badexit tag still there.
Gerry
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of niftybunny Sent: 26 March 2020 12:49 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] BadExit
btw, you need to have at least port 80 and 443 … port 80 is missing …
Cheers,
niftybunny
On 25. Mar 2020, at 23:28, gerard@bulger.co.uk wrote:
George
Thanks
My exit, still badexit, is 51AE5656C81CD417479253A6363A123A007A2233 and I did get an email which I missed, as it is simply failing to exit, Implying my ISP was doing something before they told me. Seems to be exiting from my local port now.
-----Original Message----- From: tor-relays tor-relays-bounces@lists.torproject.org On Behalf Of Georg Koppen Sent: 24 March 2020 18:21 To: tor-relays@lists.torproject.org Subject: Re: [tor-relays] BadExit
Hi!
gerard@bulger.co.uk:
Oh the shame! Never had that tag on my exit before.
Sorry to hear. :(
I assume it was due to a bad boy attacking an IP, pointed out by my ISP,
and
the ISP put my server "under mitigation". I assume some filtering,
which
of course would have looked bad to TOR users.
I did not spot the ISP's email for 30 minutes, but then I was able to block the offended IP. Within minutes of doing that the ISP said attack stop and my server was removed from mitigation. However the next day badexit tag on my exit and remains there
How long does the tag last?
So long as the Directory Authorities assign it.
I go to my other, overseas exit, a family member, to see the tag is aslo applied there to. Do family members get tarred with the same brush?
It depends on the reason for badexiting.
I have turned both into relays for the time being.
Or have I got this wrong. Is it a DNS thing? Are no some DNS providers causing issues forcing the tag? I am not using opendns.
It could be a DNS thing, I am not sure. I recently pushed a commit that leads to some exits getting that flag. I tried to contact all the relay operators beforehand (some did not have any ContactInfo set) but I got almost no reply back. For details see [1].
What's the fingerprint of your relay that got the badexit flag?
Georg
[1] https://trac.torproject.org/projects/tor/ticket/32864
Gerry
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays