This is already impossible, as both circuit and concurrent connection DoS get detected and the IP in question is flagged and blacklisted.
Please see the manual on this:
https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEn...
All the best, George
On Sunday, August 4th, 2024 at 12:30 AM, lists@for-privacy.net <lists@for-privacy.net> wrote:
On Tuesday, 30 July 2024 18:34:44 CEST George Hartley via tor-relays wrote:
I would definitely want to be able to change my exit policy by just sending a simple "kill -SIGHUP $pid".
So yeah, consider myself interested in this functionality.
But, don't we already have that implemented?
I remember changing my exit policy then doing "systemctl reload tor" and after a few hours, Metrics showed that SSH was now also rejected.
It's not about changing the exit policy via reload. Yes, that's always been possible.
It's about killing existing connections that are currently DOSing us.
Example: 500K connections from IP 1.2.3.4
You create the reject policy,
ExitPolicy reject 1.2.3.4/32:*
do a reload and the existing connections are terminated.
In order for this to work you have to use the new config option:
ReevaluateExitPolicy 1 # (Default 0)
And of course a version of Tor in which trinity's commit was merged ;-)
-- ╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!