[tor-relays] firewalled relays
tagnaq at gmail.com
Sat Jun 4 10:50:09 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
>>> If somebody can tell me where to look...
>> You likely need to tailor your iptables rules to also log when you
>> reject these connections:
> This is a *very* dangerous thing for *any* relay to do. Does iptables
> have support for ‘counters’?
Yes, I first thought about a simple rule counting outgoing TCP SYN
packets but I didn't suggest it because I thought there are better ways
via the control port and as Mike said if you have already a connection
to relay foo new circuits to using relay foo won't result in new
You can count outgoing connection attempts to port 443 from tor like this:
iptables -I OUTPUT -m owner --uid-owner yourtorUID -p tcp --syn --dport 443
The counter can be inspected by looking at the iptables -vL output.
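As an added example (not part of the list post), the counting rule above wrapped in a small script, with an awk helper that pulls the packet counter out of `iptables -vnxL OUTPUT` and a two-sample delta so a relay operator can see how many SYNs Tor sent in a given interval. The Tor account name, the constructed sample output and its counter values are assumptions; the live commands need root and iptables.

```shell
#!/bin/sh
# Added example, not from the list post. It wraps the approach described above:
# a target-less iptables rule that only counts Tor's outgoing TCP SYNs to port 443,
# plus an awk parser that reads the packet counter back from `iptables -vnxL OUTPUT`.
# Assumptions: Tor runs under the account in TOR_USER (placeholder), iptables is
# installed, and the live commands are run as root.

TOR_USER="${TOR_USER:-debian-tor}"   # assumed account name; set it for your relay

# Add the counting rule once. Without -j the rule matches, increments its
# counters and falls through, so it never blocks anything. -C checks for an
# existing copy so repeated runs do not stack duplicate rules.
install_counter() {
    iptables -C OUTPUT -m owner --uid-owner "$TOR_USER" -p tcp --syn --dport 443 2>/dev/null \
    || iptables -I OUTPUT -m owner --uid-owner "$TOR_USER" -p tcp --syn --dport 443
}

# Read `iptables -vnxL OUTPUT` text on stdin and print the packet count of the
# rule above. -x prints exact counters (no 12K/3M abbreviations), -n skips DNS.
# iptables shows --syn as flags:0x17/0x02 (SYN set; RST, ACK and FIN clear).
syn_count() {
    awk '/owner UID match/ && /tcp dpt:443/ && /flags:0x17\/0x02/ { print $1; exit }'
}

# Sample the live counter twice and print how many SYNs were sent in between,
# which is the number a firewalled relay actually wants to know.
# (iptables -Z OUTPUT would zero the chain's counters instead.)
syn_delta() {   # usage: syn_delta <seconds>
    first=$(iptables -vnxL OUTPUT | syn_count)
    sleep "$1"
    second=$(iptables -vnxL OUTPUT | syn_count)
    echo $(( ${second:-0} - ${first:-0} ))
}

# Constructed sample of `iptables -vnxL OUTPUT` output, used to exercise the
# parser offline; the UID, the extra rule and the counter values are made up.
SAMPLE_OUTPUT='Chain OUTPUT (policy ACCEPT 91633 packets, 17280011 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120     7200            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 108 tcp dpt:9001
      42     2520            tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 108 tcp dpt:443 flags:0x17/0x02'

# Parse the constructed sample; returns 42 for the port-443 SYN rule.
parse_sample() {
    printf '%s\n' "$SAMPLE_OUTPUT" | syn_count
}

case "${1:-}" in
    --live) install_counter; echo "SYNs to :443 in the last 60s: $(syn_delta 60)" ;;
    *)      echo "parsed sample counter: $(parse_sample)" ;;
esac
```

Run it with `--live` as root on the relay to install the rule and sample it; without arguments it only parses the embedded sample so the parser can be checked anywhere.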