[tor-relays] max TCP interruption before Tor circuit teardown?

David Serrano tor at dserrano5.es
Sun Oct 27 22:35:32 UTC 2013


On 2013-10-27 15:00:10 (-0700), Gordon Morehouse wrote:
> 
> Here's my 'iptables -L' output, on pastebin because it's a mess when
> formatted for email:  http://pastebin.com/f1VZNeTF
> 
> That's not a fresh boot, though, I did:
> 
> 'iptables -F'
> 'service fail2ban reload'
> 
> and then ran the iptables commands by hand, in order.

Things may potentially be different after a reboot, so I'd recommend rebooting
now and seeing how the firewall ends up. Right now it seems that fail2ban would
ban and break existing circuits. It all depends on what rules it inserts into
its chain.

However, do you need fail2ban now that you are throttling SYNs without
affecting circuits?


-- 
 David Serrano
 GnuPG id: 280A01F9