Hello @all,
I have a problem with a reject rule which seems to fail. Due to a message from WebIron about my exit relay I wanted to block a subnet. My exit policy looks like this:
ExitPolicy accept *:53 # DNS
ExitPolicy accept *:80 # HTTP
ExitPolicy accept *:8080 # HTTP 2
ExitPolicy accept *:443 # HTTPS
ExitPolicy reject 5.133.182.0/24 # WebIron report
ExitPolicy reject *:*
After I added the reject rule I reloaded tor and thought the case was done. But WebIron keeps sending me messages because of "ongoing attacks" against a host in that subnet. Of course I trusted the reject rule and ignored them. After the 6th mail I got suspicious and added an iptables ACCEPT rule in my OUTPUT chain to check whether there really is a traffic flow. I just received another mail and checked the packet counter:
Chain OUTPUT (policy ACCEPT 116M packets, 159G bytes)
num   pkts  bytes  target  prot  opt  in  out  source          destination
2     142   8304   ACCEPT  all   --   *   *    31.220.45.6/32  5.133.182.0/24  /* WebIron Block check */
There is traffic flowing from my relay IP 31.220.45.6 to the subnet. Can somebody please give me a hint about what I'm doing wrong? Link to the relay in case you need more information: https://atlas.torproject.org/#details/29E3D95332812F81F67FF31B3B1B842683D1C3...
Thanks in advance, ~Josef
On 10/19/2015 11:03 PM, Josef Stautner wrote:
> ExitPolicy reject 5.133.182.0/24 # WebIron report
Put this *before* any accept line
-- Toralf, pgp key: C4EACDDE 0076E94E
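Toralf's point is that Tor walks the ExitPolicy lines top to bottom and the first line that matches decides, so an "accept *:80" sitting above the reject already admits port-80 connections to the subnet before the reject is ever reached. The Python below is added here as an illustration, not code from Tor or from anyone on the thread; it models that first-match evaluation (IPv4 patterns only, single ports or ranges) over both orderings of Josef's policy:

```python
import ipaddress

# Models Tor's first-match ExitPolicy evaluation (example code, not Tor's).
# Only IPv4 address patterns and single ports / "lo-hi" ranges are handled.

def parse_policy(text):
    """Parse lines such as 'ExitPolicy accept *:80' or 'reject 5.133.182.0/24'."""
    rules = []
    for raw in text.strip().splitlines():
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if not line:
            continue
        if line.startswith("ExitPolicy"):
            line = line[len("ExitPolicy"):].strip()
        action, pattern = line.split(None, 1)
        if ":" in pattern:
            host, port = pattern.rsplit(":", 1)
        else:
            host, port = pattern, "*"                 # no port given: all ports
        net = None if host == "*" else ipaddress.ip_network(host, strict=False)
        rules.append((action, net, port))
    return rules

def port_matches(spec, port):
    if spec == "*":
        return True
    if "-" in spec:
        lo, hi = spec.split("-")
        return int(lo) <= port <= int(hi)
    return int(spec) == port

def evaluate(rules, ip, port):
    """Return the action of the FIRST rule matching ip:port; order is decisive."""
    addr = ipaddress.ip_address(ip)
    for action, net, spec in rules:
        if (net is None or addr in net) and port_matches(spec, port):
            return action
    return "reject"   # nothing matched; this model defaults to reject

# Josef's ordering: the subnet reject comes after the port accepts.
BROKEN = """ExitPolicy accept *:53
ExitPolicy accept *:80
ExitPolicy accept *:8080
ExitPolicy accept *:443
ExitPolicy reject 5.133.182.0/24
ExitPolicy reject *:*"""

# Toralf's fix: the same lines with the subnet reject moved to the top.
FIXED = "ExitPolicy reject 5.133.182.0/24\n" + BROKEN.replace(
    "ExitPolicy reject 5.133.182.0/24\n", "")

if __name__ == "__main__":
    for name, policy in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, "5.133.182.10:80 ->", evaluate(parse_policy(policy), "5.133.182.10", 80))
```

Running it prints "accept" for the broken ordering and "reject" for the fixed one, which is exactly the traffic Josef's iptables counter was seeing.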
Hello Toralf,
thanks. I did the change, reloaded tor and zeroed the counter. Hopefully it works :-)
~Josef
On 19.10.2015 at 23:13, Toralf Förster wrote:
> On 10/19/2015 11:03 PM, Josef Stautner wrote:
>> ExitPolicy reject 5.133.182.0/24 # WebIron report
> Put this *before* any accept line