[tor-relays] Reapply exit policy on reload

George Hartley hartley_george at proton.me
Wed Aug 7 12:30:27 UTC 2024


This is already impossible, as both circuit and concurrent connection DoS get detected and the IP in question is flagged and blacklisted.

Please see the manual on this:

https://2019.www.torproject.org/docs/tor-manual.html.en#DoSCircuitCreationEnabled

All the best,
George

On Sunday, August 4th, 2024 at 12:30 AM, lists at for-privacy.net <lists at for-privacy.net> wrote:

> On Tuesday, 30 July 2024 18:34:44 CEST George Hartley via tor-relays wrote:
>
> > I would definitely want to be able to change my exit policy by just sending
> > a simple "kill -SIGHUP $pid".
> >
> > So yeah, consider myself interested in this functionality.
> >
> > But, don't we already have that implemented?
> >
> > I remember changing my exit policy then doing "systemctl reload tor" and
> > after a few hours, Metrics showed that SSH was now also rejected.
>
> It's not about changing the exit policy via reload. Yes, that's always been
> possible.
>
> It's about killing existing connections that are currently DOSing us.
>
> Example: 500K connections from IP 1.2.3.4
> You create the reject policy,
> ExitPolicy reject 1.2.3.4/32:*
> do a reload and the existing connections are terminated.
>
> In order for this to work you have to use the new config option:
> ReevaluateExitPolicy 1 # (Default 0)
>
> And of course a version of Tor in which trinity's commit was merged ;-)
>
> --
> ╰_╯ Ciao Marco!
>
> Debian GNU/Linux
>
> It's free software and it gives you freedom!
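
The procedure described in the quoted message (add a reject line, set ReevaluateExitPolicy 1, reload), as an added example that is not part of the thread or of Tor itself. The function names, the sample connections and the file paths are assumptions, and the input is assumed to be `ss -Htn state established` output whose peer column holds the destinations to count; review the generated lines before installing them.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed input format: the output of
#   ss -Htn state established
# i.e. no header, columns Recv-Q Send-Q Local:Port Peer:Port.

# reject_lines MIN: read ss lines on stdin and print one ExitPolicy reject
# line for every IPv4 peer with at least MIN connections. IPv6 peers are
# skipped in this example.
reject_lines() {
    awk -v min="$1" '
        { peer = $4; sub(/:[0-9]+$/, "", peer) }               # strip :port
        peer ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[peer]++ }
        END { for (ip in n) if (n[ip] >= min) print "ExitPolicy reject " ip "/32:*" }
    ' | sort
}

# candidate_torrc TORRC MIN: print a candidate config on stdout. The new
# reject lines go first because exit policies are first-match-wins, and
# ReevaluateExitPolicy is set to 1 exactly once so that a reload also
# applies the policy to connections that are already open.
candidate_torrc() {
    reject_lines "$2"
    sed '/^[[:space:]]*ReevaluateExitPolicy/d' "$1"
    echo 'ReevaluateExitPolicy 1'
}

# Constructed sample: three connections to 1.2.3.4, one to 198.51.100.7,
# one IPv6 connection.
sample_ss() {
    cat <<'EOF'
0 0 203.0.113.10:40001 1.2.3.4:80
0 0 203.0.113.10:40002 1.2.3.4:80
0 0 203.0.113.10:40003 1.2.3.4:443
0 0 203.0.113.10:40004 198.51.100.7:22
0 0 [2001:db8::10]:40005 [2001:db8::1]:443
EOF
}

# Typical use on the relay (paths and threshold are assumptions):
#   ss -Htn state established | candidate_torrc /etc/tor/torrc 1000 > /tmp/torrc.new
#   tor --verify-config -f /tmp/torrc.new && cp /tmp/torrc.new /etc/tor/torrc
#   systemctl reload tor
```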