It's a limit that many VPS suppliers set: > 30000 gets you a warning - I'll set the limit to 29k tonight - it's only an issue on shared resources like VPS
Cheers
Mark B
Snaptor.co.uk (non commercial)

> On 4 Jan 2017, at 13:16, Zack Weinberg <[email protected]> wrote:
>
>> On Wed, Jan 4, 2017 at 8:05 AM, Sec INT <[email protected]> wrote:
>>
>> Just had an issue on a 60mbps exit where conntrack sessions went over the
>> usual 30000 limit - is this possible for a normal operating exit relay? Is
>> there any default limit set on this or indeed is there a setting in torrc to
>> control the number of sessions?
>
> Yes, it is perfectly normal for an exit to have tens of thousands of
> active TCP sessions.
>
> An exit doesn't get a lot of use out of a firewall. Your only sockets
> listening to the public network (netstat -lnt) should be Tor, SSH, and
> the "this is an exit" page on port 80. fail2ban-type protection for
> the ssh port *may* be worth it, but I don't see what you would need
> conntrack for.
>
> zw
> _______________________________________________
> tor-relays mailing list
> [email protected]
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
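
Added example (not part of the original thread and not Tor project code): the two checks discussed above as shell functions, one listing public listeners outside the expected Tor/SSH/port 80 set from `netstat -lnt` output, one comparing a conntrack count with the 30000 limit. The sample netstat output is constructed, and ORPort 9001 and the 80% warning threshold are assumptions.

```sh
#!/bin/sh
# Constructed sample of `netstat -lnt` output (not from a real relay).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:9001      0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:9051    0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:3306      0.0.0.0:*         LISTEN
tcp6       0      0 :::22             :::*              LISTEN'

# Print the ports that listen on a non-loopback address and are not allowed.
#   $1 = output of `netstat -lnt`
#   $2 = space-separated allowed ports (assumed here: 22 SSH, 80 exit notice,
#        9001 as the relay's ORPort)
unexpected_listeners() {
  printf '%s\n' "$1" | awk -v allow="$2" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $NF == "LISTEN" {
      port = $4; sub(/^.*:/, "", port)       # text after the last colon
      host = $4; sub(/:[0-9]+$/, "", host)   # address without the port
      if (host ~ /^127\./ || host == "::1") next   # loopback is not public
      if (!(port in ok)) print port
    }' | sort -un | tr '\n' ' ' | sed 's/ $//'
}

# Classify conntrack usage: "over" at or above the limit, "warn" from 80% of
# it (assumed threshold), otherwise "ok".
#   $1 = current entry count, $2 = limit (30000 in the thread)
conntrack_status() {
  if [ "$1" -ge "$2" ]; then
    echo "over"
  elif [ $(( $1 * 100 / $2 )) -ge 80 ]; then
    echo "warn"
  else
    echo "ok"
  fi
}

# Run on the constructed data.
echo "unexpected public listeners: $(unexpected_listeners "$SAMPLE_NETSTAT" "22 80 9001")"
echo "conntrack 29500 of 30000: $(conntrack_status 29500 30000)"
# On a live relay with the nf_conntrack module loaded:
#   unexpected_listeners "$(netstat -lnt)" "22 80 9001"
#   conntrack_status "$(cat /proc/sys/net/netfilter/nf_conntrack_count)" 30000
```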
