On Tuesday, 22 October 2024 19:24 Top wrote:
> My tor relays[1] traffic decreased a lot and I think this *might* be connected to some kind of DDOS attack. So I wanted to use this situation to set up some DDOS protection. For that I stumbled upon Enkidu's tor DDOS mitigation script. [2] However, this script is made for `iptables`, not `nftables`. I use `firewalld` with `nftables` on my system, since this seems to be the new default. [3] I don't really know that much about firewalls, so this situation overwhelms me a bit.
> So how can I apply proper DDOS protection firewall rules whilst using `nftables`? Is there some easy way to modify the script to make it work?
Nftables is just a single simple text file ;-)
My nftables examples: https://github.com/boldsuck/tor-relay-bootstrap/tree/nft/etc
It's actually the same thing that Bo posted here: https://gitlab.torproject.org/tpo/community/support/-/issues/40093
If you have an exit, surgprotector is more suitable.