On 01/11/2018 02:10 AM, teor wrote:
> So if you're going to do this, please set a much higher limit than 2.
> I would suggest at least 4, but 10 or more is better.
>
> You might be able to set it higher if you put a limit on repeated
> connection attempts.
The simple approach (allowing 8 syn
> On 10 Jan 2018, at 16:39, teor wrote:
>
> Hi,
>
> Still having load trouble on your relay?
> Try dropping rapid connection attempts.
>
>> On 9 Jan 2018, at 16:32, teor wrote:
>>
>> I've tried various ways of limiting Tor's RAM and CPU.
>>
> On 12 Jan 2018, at 08:46, Toralf Förster wrote:
>
>> On 01/11/2018 02:10 AM, teor wrote:
>> As far as I can tell, this single rule has the same effect:
> Even if " -P INPUT DROP" is set ?
I think that applying the single rule to the default config,
has the same
On 01/11/2018 02:10 AM, teor wrote:
> As far as I can tell, this single rule has the same effect:
Even if " -P INPUT DROP" is set ?
--
Toralf
PGP C4EACDDE 0076E94E
tor-relays mailing list
On 01/11/2018 02:10 AM, teor wrote:
> We allow 2 relays per IPv4 address, and each relay makes 1-2 connections
> to each other relay. (Or more, if the connections start failing. This is
> a bug we want to fix.)
>
> So if you're going to do this, please set a much higher limit than 2.
> I would
> On 11 Jan 2018, at 08:10, Toralf Förster wrote:
>
> On 01/10/2018 06:39 AM, teor wrote:
>> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent --set
>> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent --update
On 01/10/2018 06:39 AM, teor wrote:
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --syn ! --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 100 -j DROP
What about the following approach;
Hi,
Still having load trouble on your relay?
Try dropping rapid connection attempts.
> On 9 Jan 2018, at 16:32, teor wrote:
>
> I've tried various ways of limiting Tor's RAM and CPU.
> MaxAdvertisedBandwidth was effective, as was limiting Tor's file
> descriptors and
> On 6 Jan 2018, at 06:05, Zack Weinberg wrote:
>
>> On Fri, Jan 5, 2018 at 1:44 PM, tor wrote:
>> For relay operators using iptables connlimit to mitigate DoS attacks (or
>> increased load from new clients), is it better for the Tor network to use
>>
On Fri, Jan 5, 2018 at 1:44 PM, tor wrote:
> For relay operators using iptables connlimit to mitigate DoS attacks (or
> increased load from new clients), is it better for the Tor network to use
> "DROP" rules, or should we use something like "REJECT --reject-with
>
10 matches