Background:
A set of bash scripts used to
apply iptables rules to fight the current DDoS attacks. They
require no dependencies to install except iptable/nftables
which all Linux flavors already have and require no particular
expertise. The issue was discussed here:
[issue 40093] https://gitlab.torproject.org/tpo/community/support/-/issues/40093
Update Notice:
The scripts have been updated to modify some rules and include a new rule. Also a few additional scripts have been added to make monitoring and cleanup of the block list easier or automated.
If you are already using the scripts, please update them to the new rule set. Simply use one of the scripts - depending on your current set up of Tor - in the update folder. It automatically updates your rules, keeps your current block list and requires no reboot or restart of Tor and there will be no downtime.
If you're not using the scripts, please take a look at them and if you like, give them a try and provide feedback. All feedback is welcome and appreciated and will help fine tuning the rules to make them more effective.
Read more and download here:
https://github.com/Enkidu-6/tor-ddos
These rules have proven to let
your system run at a steady RAM and CPU usage and stay green.
Even if your system shows as overloaded on the relay search
occasionally, the system will continue to run with no problem
and will go back to green within two or three heartbeat
reports.
Thank you.