[tor-relays] firewalled relays

tagnaq tagnaq at gmail.com
Sat Jun 4 10:50:09 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

>>> If somebody can tell me where to look...
>>
>> You likely need to tailor your iptables rules to also log when you
>> reject these connections:
>> http://www.cyberciti.biz/tips/force-iptables-to-log-messages-to-a-different-log-file.html
> 
> This is a *very* dangerous thing for *any* relay to do.  Does iptables
> have support for ‘counters’?

Yes, I first thought about a simple rule counting outgoing TCP SYN
packets but I didn't suggest it because I thought there are better ways
via the control port and, as Mike said, if you already have a connection
to relay foo, new circuits using relay foo won't result in new
connection attempts.

You can count outgoing connection attempts to port 443 from tor like this:

iptables -I OUTPUT -m owner --uid-owner yourtorUID -p tcp --syn --dport 443

The counter can be inspected by looking at the iptables -vL output.
-----BEGIN PGP SIGNATURE-----

iF4EAREKAAYFAk3qDeAACgkQyM26BSNOM7Y9HQEAqs0diu79m93mz5TjOZ8KPrEC
I9uJeCQCoLZm0zV+N/8BAJ/JtKXsa7LeS5wqa9KahsXhTuJTMbvKsMC4rOFyyPHJ
=bX+l
-----END PGP SIGNATURE-----
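As an added example (not part of the original message), the counting rule above together with a small reader for the counter it produces. A rule with no -j target never accepts, drops or logs anything; it only increments its packet and byte counters and lets the packet continue down the OUTPUT chain, which is why it avoids the logging concern raised in the thread. The numeric UID 109 and the sample listing are assumptions constructed for the example; with -n, iptables prints the owner match as a number, so the reader matches on the UID rather than a user name.

```shell
#!/bin/sh
# Added example: count tor's outgoing TCP SYNs to port 443 with a target-less
# iptables rule and read the counter back from `iptables -vnxL OUTPUT`.
# -v prints counters, -n skips DNS/user-name lookups, -x prints exact counts.

TOR_UID="${TOR_UID:-109}"   # assumption: numeric UID the tor daemon runs as

# Install the counting rule (needs root). No -j target: packets are only
# counted and then fall through to the rest of the OUTPUT chain unchanged.
install_syn_counter() {
    iptables -I OUTPUT -m owner --uid-owner "$TOR_UID" -p tcp --syn --dport 443
}

# syn_count_from_listing LISTING UID
# Print the pkts column of the rule that matches dpt:443 for the given owner
# UID; exit 1 if no such rule appears in the listing.
syn_count_from_listing() {
    printf '%s\n' "$1" | awk -v uid="$2" '
        /dpt:443/ && index($0, "owner UID match " uid) { print $1; found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Read the live counter (needs root and the rule installed).
read_syn_counter() {
    syn_count_from_listing "$(iptables -vnxL OUTPUT)" "$TOR_UID"
}

# Constructed sample listing (not real relay output) in `iptables -vnxL` layout,
# so the reader can be exercised without root or iptables installed.
SAMPLE_LISTING='Chain OUTPUT (policy ACCEPT 1048576 packets, 734003200 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     237    14220            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443 flags:0x17/0x02 owner UID match 109
   99999  5000000 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443'

# Demonstration on the sample: prints 237 (the counting rule, not the ACCEPT rule).
syn_count_from_listing "$SAMPLE_LISTING" "$TOR_UID"
```

Two readings a few minutes apart give the rate of new outbound 443 connection attempts; `iptables -Z OUTPUT` would reset the counters, but that also zeroes every other rule in the chain, so taking the difference of two readings is the safer habit.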
