[tor-relays] debugging unbound on 'torexit' failing DNS queries (solved)

Quintin tor-admin at portaltodark.world
Fri Jan 26 05:37:05 UTC 2018


Hi nusenu,

Server has now been unsuspended, and is back online. You asked "do you
require a stateful packet filter?". Do you mean to disable conntrack?

I have removed all my connection tracking iptables entries. My iptables
looks like this now. Will keep an eye on it now.

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6716:3141641]
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s x.x.x.x -p tcp -m comment --comment SSH -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m comment --comment Tor -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m comment --comment Tor -m tcp --dport 443 -j ACCEPT
-A INPUT -j DROP
-A FORWARD -j DROP
COMMIT

Quintin

On Wed, Jan 24, 2018 at 9:15 PM nusenu <nusenu-lists at riseup.net> wrote:

>
>
> Quintin:
> > Seems my VPS got suspended when I increased the connlimit above 10000. Do
> > you think my INPUT filters which use conntrack could have caused this
> > issue?
>
> You did confirm that already, no?
>
> --
> https://mastodon.social/@nusenu
> twitter: @nusenu_
>
-- 
0101100101000001010010000101011101000101010010000010000001000010
0100110001000101010100110101001100100000010110010100111101010101