From: | Stroller <stroller@××××××××××××××××××.uk>
---|---
To: | gentoo-user@l.g.o
Subject: | Re: [gentoo-user] How can I block incomming tor-traffic?
Date: | Sat, 06 Jun 2015 13:10:45
Message-Id: | 54FDFC08-C1CC-487A-B8F0-28F6A8439407@stellar.eclipse.co.uk
In Reply to: | [gentoo-user] How can I block incomming tor-traffic? by Jarry

On Sat, 6 June 2015, at 12:04 pm, Jarry <mr.jarry@×××××.com> wrote:
>
> … (ip-lookup of source addresses always points
> to tor-exit.watever). How can I block this tor-traffic completely?
>
> How can I feed this list to iptables? Is there some ready-to-use
> solution, or do I have to parse this list through some script
> I have to write first?

I would have thought you could just have the webserver deny access to the tor-exit.watever domain.

For Apache, ctrl-f "domain" on this page: http://httpd.apache.org/docs/2.2/howto/access.html

NB: if you google "how to block tor", DNS based denial seems to be the recommended solution:

https://www.torproject.org/docs/faq-abuse.html.en#Bans
https://www.torproject.org/projects/tordnsel.html.en

If you wanted to run a daily "add to iptables script" then you could extract those IPs with:

curl https://check.torproject.org/exit-addresses | grep ExitAddress | cut -d ' ' -f 2

This is a bit primitive, but you can see it works.

Stroller.
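
An added example, not part of Stroller's message: one way to turn the list fetched by the curl command above into an `ipset restore` script for a daily job, checking every address before it reaches a command that runs as root. The set name `tor-exits`, the function names and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in the exit-addresses format (documentation-range IPs,
# placeholder fingerprints). The last two entries are deliberately malformed.
sample_list() {
cat <<'EOF'
ExitNode 0000000000000000000000000000000000000001
Published 2015-06-05 22:10:12
LastStatus 2015-06-06 09:02:31
ExitAddress 192.0.2.10 2015-06-06 09:05:44
ExitNode 0000000000000000000000000000000000000002
Published 2015-06-05 23:41:02
LastStatus 2015-06-06 10:02:18
ExitAddress 198.51.100.7 2015-06-06 10:04:51
ExitAddress 192.0.2.10 2015-06-06 10:09:00
ExitAddress 203.0.113.999 2015-06-06 10:09:30
ExitAddress 203.0.113.5/8 2015-06-06 10:10:00
EOF
}

# Print each valid, unique IPv4 address from an exit-addresses list on stdin.
# Anything that is not a strict dotted quad (bad octet, CIDR suffix, stray
# text) is dropped, so a damaged download cannot widen or break the block list.
extract_exit_ips() {
    awk '$1 == "ExitAddress" && $2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
        split($2, o, ".")
        if (o[1]+0 <= 255 && o[2]+0 <= 255 && o[3]+0 <= 255 && o[4]+0 <= 255 && !seen[$2]++)
            print $2
    }'
}

# Emit an ipset restore script: fill a temporary set, then swap it into place
# so the live set is replaced in one step and stale exits disappear each run.
build_ipset_restore() {
    set_name=${1:-tor-exits}
    echo "create $set_name hash:ip family inet"
    echo "create $set_name-new hash:ip family inet"
    echo "flush $set_name-new"
    extract_exit_ips | sed "s/^/add $set_name-new /"
    echo "swap $set_name-new $set_name"
    echo "destroy $set_name-new"
}

# Daily job (as root), replacing sample_list with the curl command above:
#   curl -s https://check.torproject.org/exit-addresses | build_ipset_restore | ipset -exist restore
# One-time rule that consults the set:
#   iptables -I INPUT -m set --match-set tor-exits src -j DROP
sample_list | build_ipset_restore tor-exits
```
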