On 11/9/18 12:43 AM, teor wrote: > 2. If you reject enough IP addresses in your exit policy: > > If your exit blocks enough /8 networks, then its exit policy summary becomes > reject all. > > If the exit policy summary is too long, then it is truncated to a list of > accept ports. (That doesn't seem to have happened here.) > > Separately, if your exit doesn't exit to at least one /8 on ports 80 and 443, > it loses the Exit flag: > https://gitweb.torproject.org/torspec.git/tree/dir-spec.txt#n2531 I run the relays as non-exits over night, kicked off a bunch of rather rarely used ports together with few */8 networks today morning and restarted both - the issue is now gone here AFACT.
Thx for the hints (I'm still watching the DNSSEC traffic here). -- Toralf PGP C4EACDDE 0076E94E
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
