On 21 Jan 2018, at 22:34, Toralf Förster toralf.foerster@gmx.de wrote:
> On 01/11/2018 02:10 AM, teor wrote:
>> So if you're going to do this, please set a much higher limit than 2. I would suggest at least 4, but 10 or more is better.
>> You might be able to set it higher if you put a limit on repeated connection attempts.
> The simple approach (allowing 8 syn requests from an address at ORport and at DirPort respectively) worked flawlessly for a while - just few dozen/hundreds DROPs per hour. Since yesterday however I get > 100K DROPs per hour.
Your relays are now handling extra load, because they lost the exit flag and became guards.
> Could a side effect of that traffic be that I lost the Exit flag?
No, the exit flag is determined by your exit policy, and the Tor version running on the majority of directory authorities. Recently, a majority of authorities upgraded to 0.3.2 or later. They require ports 80 and 443 for the Exit flag: https://trac.torproject.org/projects/tor/ticket/23637
Your exit policy does not include port 80, so your relays are not useful for clients to build general-purpose exit circuits. Please allow port 80 to regain the Exit flag.
(The majority of Tor traffic is web traffic. Some of that traffic is unencrypted. This is bad, but enforcing port 443 on Tor clients would sacrifice usability and anonymity for security.)
T
-- Tim / teor
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
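The port requirement described in the reply above can be checked against a relay's exit policy before the flag is lost. The following is an added example, not code from the thread or from Tor: a simplified first-match evaluation of torrc-style `ExitPolicy` lines. The function names and the sample policies are constructed, and the sketch assumes only wildcard-address (`*`) rules matter and that a port with no matching rule counts as not allowed.

```python
EXIT_FLAG_PORTS = (80, 443)  # the two ports named in the reply above


def parse_rule(line):
    """Parse '[ExitPolicy] accept|reject ADDR:PORTS' into (accept, addr, lo, hi)."""
    tokens = line.split("#", 1)[0].split()
    if tokens and tokens[0] == "ExitPolicy":
        tokens = tokens[1:]
    if len(tokens) != 2 or tokens[0] not in ("accept", "reject"):
        return None  # blank line, comment, or a form this sketch does not handle
    addr, _, ports = tokens[1].rpartition(":")
    if ports == "*":
        lo, hi = 1, 65535
    elif "-" in ports:
        lo, hi = (int(p) for p in ports.split("-", 1))
    else:
        lo = hi = int(ports)
    return tokens[0] == "accept", addr, lo, hi


def port_allowed(policy, port):
    """First matching wildcard-address rule decides (address-specific rules skipped)."""
    for line in policy:
        rule = parse_rule(line)
        if rule is None:
            continue
        accept, addr, lo, hi = rule
        if addr == "*" and lo <= port <= hi:
            return accept
    return False  # assumption of this sketch: no matching rule means not allowed


def missing_exit_flag_ports(policy):
    """Return the ports from EXIT_FLAG_PORTS that the policy does not accept."""
    return [p for p in EXIT_FLAG_PORTS if not port_allowed(policy, p)]


# Constructed sample policies, not taken from any real relay.
WITHOUT_80 = ["ExitPolicy accept *:443", "ExitPolicy accept *:993",
              "ExitPolicy reject *:*"]
WITH_80 = ["ExitPolicy accept *:80", "ExitPolicy accept *:443",
           "ExitPolicy reject *:*"]
ORDER_MATTERS = ["reject *:80  # earlier rule wins", "accept *:1-1023",
                 "reject *:*"]

if __name__ == "__main__":
    for name, pol in [("WITHOUT_80", WITHOUT_80), ("WITH_80", WITH_80),
                      ("ORDER_MATTERS", ORDER_MATTERS)]:
        print(name, "missing ports:", missing_exit_flag_ports(pol))
```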