I do wonder why the following iptables rule fires more often than expected although there are far fewer (<100) new outgoing Tor exit connections within 1 second at my Tor exit relay:
/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 2000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG
That's because this rule matches on a connection count >2000 with mask 0 => so it results in: more than 2000 connections to anywhere.
The second limit is for the log action only.
On Fri, 2 Feb 2018 at 22:12 Toralf Förster toralf.foerster@gmx.de wrote:
I do wonder why the following iptables rule fires more often than expected although there are far fewer (<100) new outgoing Tor exit connections within 1 second at my Tor exit relay:
/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 2000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG
-- Toralf PGP C4EACDDE 0076E94E
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
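To make the explanation above concrete, here is a small simulation of how the rule is evaluated. This is an added illustration, not code from the thread or from iptables itself: connlimit groups the tracked connections by destination address masked with --connlimit-mask (mask 0 collapses every destination into one group, so the count is "connections to anywhere"), and the limit match is a token bucket that only throttles how often the LOG action may run once connlimit has already matched. The connection list and SYN timestamps are constructed sample data; the assumption that the connection being matched is counted together with the tracked ones, and the token-bucket approximation of the limit match, are simplifications for the example.

```python
"""Simulate an iptables rule of the form
   --syn -m connlimit --connlimit-above N --connlimit-mask M --connlimit-daddr
         -m limit --limit 1/second --limit-burst 1 -j LOG
Added example (not from the thread); assumptions are noted in comments."""
import ipaddress
from collections import Counter


def connlimit_group(daddr: str, mask_bits: int) -> str:
    """connlimit's grouping key: the destination masked to mask_bits.
    mask 0 -> every address becomes 0.0.0.0/0, i.e. one group for everything."""
    return str(ipaddress.ip_network(f"{daddr}/{mask_bits}", strict=False))


def connlimit_above(tracked, daddr, mask_bits, above):
    """True when the connections in daddr's group exceed `above`.
    Assumption: the new connection is counted together with tracked ones."""
    counts = Counter(connlimit_group(d, mask_bits) for d in tracked)
    return counts[connlimit_group(daddr, mask_bits)] + 1 > above


class TokenBucket:
    """Approximation of the iptables limit match: `rate` tokens per second,
    at most `burst` stored, starting full."""

    def __init__(self, rate_per_s, burst):
        self.rate, self.capacity = rate_per_s, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def evaluate_rule(tracked, new_syns, mask_bits, above=2000, rate=1.0, burst=1):
    """Feed (time, daddr) SYNs through connlimit and then limit, in rule order.
    Returns the destinations that would actually reach -j LOG."""
    bucket = TokenBucket(rate, burst)
    conns = list(tracked)
    logged = []
    for t, daddr in new_syns:
        # iptables stops at the first non-matching match, so the limit bucket
        # is only consulted (and a token only spent) when connlimit matched.
        if connlimit_above(conns, daddr, mask_bits, above) and bucket.allow(t):
            logged.append(daddr)
        conns.append(daddr)  # the SYN becomes a tracked connection
    return logged


# Constructed sample: 2100 tracked connections to 2100 distinct destinations,
# i.e. no single host or /24 is anywhere near 2000 connections.
TRACKED = [f"10.{i // 250}.{i % 250}.1" for i in range(2100)]
# Constructed sample: three new outgoing SYNs within 1.5 seconds.
NEW_SYNS = [(0.0, "203.0.113.5"), (0.2, "203.0.113.6"), (1.5, "203.0.113.7")]

if __name__ == "__main__":
    # mask 0: total > 2000 "to anywhere", so every SYN matches connlimit and
    # the limit match lets one LOG through per second.
    print("mask 0 :", evaluate_rule(TRACKED, NEW_SYNS, 0))
    # mask 32: counted per destination host, nothing exceeds 2000, no LOG.
    print("mask 32:", evaluate_rule(TRACKED, NEW_SYNS, 32))
```

With mask 0 the first and third SYN are logged (the second is swallowed by the 1/second limit), which is exactly the "fires more often than expected" symptom: the log line is driven by the relay's total connection count, not by any burst of new SYNs. With mask 32 (or 24) the same traffic produces no log entries because the count is taken per destination host (or per /24).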
On Fri, 2 Feb 2018 at 23:15 Toralf Förster toralf.foerster@gmx.de wrote:
On 02/02/2018 11:02 PM, r1610091651 wrote:
mask 0 => so results in: more than 2000 connections to anywhere
That's intentional.
What exactly do you intend to achieve?