[tor-relays] blocking >1 connections per ip address onto Tor DirPort
Toralf Förster
toralf.foerster at gmx.de
Tue Aug 15 18:08:54 UTC 2017
I do have the following iptables rules here:
# Tor
#
dirport=80
orport=443
$IPT -A INPUT -p tcp --destination-port $dirport --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
$IPT -A INPUT -p tcp --destination-port $orport --match conntrack --ctstate NEW --match connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
which seems to work fine. An
$> ip6tables -nvL
gives
14110 746K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW #conn src/32 > 1
230K 14M DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW #conn src/32 > 1
after a few days, so I would just like to ask here if the rules above are fine or if I overlooked something?
--
Toralf
PGP C4EACDDE 0076E94E
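For reading those counter lines over time, here is a small parser added as an example (not part of the original post or of any Tor tooling). It assumes the default abbreviated counters that iptables prints without -x (746K, 14M, rounded, so expanded values are approximate) and the connlimit description text "#conn src/32 > 1" shown above.

```python
import re

# Constructed sample: the two "iptables -nvL" counter lines quoted in the post
# (packets, bytes, target, proto, opt, in, out, source, destination, match text).
SAMPLE_COUNTERS = """\
14110 746K DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 ctstate NEW #conn src/32 > 1
230K 14M DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 ctstate NEW #conn src/32 > 1
"""

# iptables abbreviates with decimal (1000-based) suffixes and rounds, so the
# expanded numbers are approximate; use "iptables -nvxL" for exact counters.
_SUFFIX = {"": 1, "K": 1000, "M": 1000 ** 2, "G": 1000 ** 3}


def parse_counter(token: str) -> int:
    """Expand an abbreviated iptables counter such as '746K' to an integer."""
    m = re.fullmatch(r"(\d+)([KMG]?)", token)
    if not m:
        raise ValueError(f"not an iptables counter: {token!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]


def parse_connlimit_drops(listing: str) -> dict[int, dict]:
    """Return {dport: {packets, bytes, mask, above}} for every DROP rule
    in the listing that carries a connlimit match; other rules are skipped."""
    rules = {}
    for line in listing.splitlines():
        fields = line.split()
        if len(fields) < 10 or fields[2] != "DROP":
            continue
        match_text = " ".join(fields[9:])
        dpt = re.search(r"dpt:(\d+)", match_text)
        lim = re.search(r"#conn src/(\d+) > (\d+)", match_text)
        if not dpt or not lim:
            continue
        rules[int(dpt.group(1))] = {
            "packets": parse_counter(fields[0]),
            "bytes": parse_counter(fields[1]),
            "mask": int(lim.group(1)),   # prefix length the limit is keyed on
            "above": int(lim.group(2)),  # connections allowed before DROP
        }
    return rules


def limits_single_connection(rule: dict) -> bool:
    """True when the rule allows exactly one concurrent connection per /32."""
    return rule["mask"] == 32 and rule["above"] == 1
```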