[tor-relays] Reapply exit policy on reload

lists at for-privacy.net lists at for-privacy.net
Sat Aug 3 22:30:05 UTC 2024


On Dienstag, 30. Juli 2024 18:34:44 CEST George Hartley via tor-relays wrote:
> I would definitely want to be able to change my exit policy by just sending
> a simple "kill -SIGHUP $pid".
> 
> So yeah, consider myself interested in this functionality.
> 
> But, don't we already have that implemented?
> 
> I remember changing my exit policy then doing "systemctl reload tor" and
> after a few hours, Metrics showed that SSH was now also rejected.

It's not about changing the exit policy via reload. Yes, that's always been 
possible.

It's about killing _existing_ connections that are currently DoSing us.

Example: 500K connections from IP 1.2.3.4
You create the reject policy,
ExitPolicy reject 1.2.3.4/32:*
do a reload and the _existing_ connections are terminated.

In order for this to work you have to use the new config option:
ReevaluateExitPolicy 1   # (Default 0)


And of course a version of Tor in which trinity's commit was merged ;-)

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
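An added example, not taken from Marco's message or from Tor's own code, of staging the two torrc settings the message describes before sending the reload. The torrc contents are constructed here; the pid file path /run/tor/tor.pid and the torrc path are hypothetical defaults. Two details matter in practice: Tor evaluates ExitPolicy lines in order with first match winning, so the reject has to land ahead of any "accept *:*" line, and ReevaluateExitPolicy must already read 1 when the SIGHUP arrives, otherwise the reload only changes the advertised policy and leaves the existing streams alone.

```shell
#!/bin/sh
# Added example (not from the original post): prepare torrc so that a reload
# tears down existing streams to a rejected destination.

# Put "ExitPolicy reject ADDR:*" ahead of the first existing ExitPolicy line.
# Appending it after "ExitPolicy accept *:*" would never match anything.
add_reject() {
    torrc="$1"; addr="$2"
    line="ExitPolicy reject $addr:*"
    # idempotent: nothing to do if the exact rule is already present
    grep -qxF "$line" "$torrc" && return 0
    if grep -q '^ExitPolicy' "$torrc"; then
        tmp="$torrc.tmp"
        awk -v rule="$line" '
            !done && /^ExitPolicy/ { print rule; done = 1 }
            { print }
        ' "$torrc" > "$tmp" && mv "$tmp" "$torrc"
    else
        printf '%s\n' "$line" >> "$torrc"
    fi
}

# Force ReevaluateExitPolicy to 1 (the option defaults to 0).
ensure_reevaluate() {
    torrc="$1"
    tmp="$torrc.tmp"
    grep -v '^ReevaluateExitPolicy' "$torrc" > "$tmp" || true
    printf 'ReevaluateExitPolicy 1\n' >> "$tmp"
    mv "$tmp" "$torrc"
}

# Succeed only when the file is in the state the reload depends on:
# ReevaluateExitPolicy 1 is set and the reject precedes any accept rule.
check_policy() {
    torrc="$1"; addr="$2"
    grep -qx 'ReevaluateExitPolicy 1' "$torrc" || return 1
    first_reject=$(grep -nxF "ExitPolicy reject $addr:*" "$torrc" | head -n1 | cut -d: -f1)
    first_accept=$(grep -n '^ExitPolicy accept' "$torrc" | head -n1 | cut -d: -f1)
    [ -n "$first_reject" ] || return 1
    [ -z "$first_accept" ] || [ "$first_reject" -lt "$first_accept" ]
}

# Number of copies of the reject rule in the file (should stay at 1).
count_reject() {
    grep -cxF "ExitPolicy reject $2:*" "$1"
}

# The reload itself: SIGHUP tor, equivalent to "systemctl reload tor".
# Hypothetical pid file path; refuses to run if it is missing.
reload_tor() {
    pidfile="${1:-/run/tor/tor.pid}"
    [ -r "$pidfile" ] || { echo "no pid file at $pidfile, not reloading" >&2; return 1; }
    kill -HUP "$(cat "$pidfile")"
}

# Stand-alone demo on a constructed torrc (no real tor process is touched).
demo() {
    t=$(mktemp)
    printf 'ORPort 9001\nExitRelay 1\nExitPolicy reject *:25\nExitPolicy accept *:*\n' > "$t"
    add_reject "$t" 1.2.3.4/32
    ensure_reevaluate "$t"
    check_policy "$t" 1.2.3.4/32 && echo "ready to reload:" && cat "$t"
    rm -f "$t"
}
demo
```

Run `tor --verify-config -f /etc/tor/torrc` before the SIGHUP on a relay whose Tor version may predate the option: Tor treats an unknown torrc option as a fatal configuration error, so on an older build the reload would fail instead of silently doing nothing.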