Hello all, how can I use a reduced exit policy and not allow any IPv4 exit traffic?
The following line at the top of all the ExitPolicy lines in torrc seems not to work:
ExitPolicy reject 0.0.0.0:*
What is the order I need here, first "reject" and then accept, or the other way around?
Reduced exit policy like here: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ReducedExitPolicy
Webtropia was a bit unhappy lately when UCEprotect listed the whole /24 for some reason I still don't understand.
But then I thought, why not disable IPv4 exit traffic; there are so many IPv6 resources that an IPv6-only exit should still be fine.
Thanks yl
Hi,
I would try the following:
ExitPolicy accept [::]:20-21 # FTP, SSH, telnet
ExitPolicy accept [::]:23 # FTP, SSH, telnet
ExitPolicy accept [::]:43 # WHOIS
[..]
ExitPolicy reject *:*
I would recommend that you block outgoing email ports instead of trying to block out all IPv4 traffic. I've never had any problems with ISPs and I ban outgoing email and SSH. I'm not happy with it, but it's better than being discredited by ISPs.
Hello
On 2/17/22 21:20, Martin Gebhardt wrote:
> ExitPolicy accept [::]:20-21 # FTP, SSH, telnet
> ExitPolicy accept [::]:23 # FTP, SSH, telnet
> ExitPolicy accept [::]:43 # WHOIS
> [..]
> ExitPolicy reject *:*
Oh yes, I will try that. Now that you write it here I could also keep some other IPv4 ports open that way. I need to check this out. Also need to test it by choosing "my" exit I guess.
> I would recommend that you block outgoing email ports instead of trying to block out all IPv4 traffic. I've never had any problems with ISPs and I ban outgoing email and SSH. I'm not happy with it, but it's better than being discredited by ISPs.
E-Mail is banned, I think the reason for my problems was forum spam, so some spam done via 80/443.
yl
Afaik this is not possible. To get the exit flag you need both IPv4 and IPv6 or only IPv4, but IPv6 only relays are not possible.
Greetings
Hello,
On 2/18/22 13:40, newsletter@unicorncloud.org wrote:
> Afaik this is not possible. To get the exit flag you need both IPv4 and IPv6 or only IPv4, but IPv6 only relays are not possible.
I believe this changed with the last version, but I am not sure.
I want to use IPv4 and IPv6, I just don't want to allow (reject) all exit to IPv4, and I guess that must be possible somehow?
Regards yl
On Wednesday, February 16, 2022 1:45:51 PM CET yl wrote:
> how can I use a reduced exit policy and not allow any IPv4 exit traffic?
I don't think IPv6 only works. AFAIK, exits must have at least ports 80, 443 and 53 open on IPv4.
> The following line at the top of all the ExitPolicy lines in torrc seems not to work:
> ExitPolicy reject 0.0.0.0:*
What are you putting them for? All private addresses are rejected by default.
> What is the order I need here, first "reject" and then accept, or the other way around?
No, as always, first come first served.
> Reduced exit policy like here: https://gitlab.torproject.org/legacy/trac/-/wikis/doc/ReducedExitPolicy
You can also take it like this. I would also delete port 22, then there would be fewer abuse mails.
Before changing exit policies, read 'man torrc' carefully. SERVER OPTIONS ExitPolicy* and IPv6Exit.
> But then I thought, why not disable IPv4 exit traffic; there are so many IPv6 resources that an IPv6-only exit should still be fine.
Unfortunately, the IPv6 traffic on my relays is often close to 0 for months.
On Wednesday, February 16, 2022 1:45:51 PM CET yl wrote:
> how can I use a reduced exit policy and not allow any IPv4 exit traffic?
tor's man page has the information on how to specify any IPv4:
"*4 to denote all IPv4 addresses, and *6 to denote all IPv6 addresses."
> I don't think IPv6 only works. AFAIK, exits must have at least ports 80, 443 and 53 open on IPv4.
You can run a relay that does allow exiting to IPv6 and not IPv4 but it will not get the exit flag.
kind regards, nusenu
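Added example, not from any poster in this thread or from the Tor Project: a small Python model of ExitPolicy matching that shows why a mask-less `0.0.0.0:*` rule leaves IPv4 exiting open and how `*4`/`*6` rules behave under first-match ordering. It assumes only plain accept/reject rules with `*`, `*4`, `*6` or a literal address (no accept6/reject6, no default private-address rejects); the policies and the destinations 192.0.2.10 and 2001:db8::10 are constructed.

```python
import ipaddress

def parse_policy(text):
    """Turn torrc ExitPolicy lines into (action, address pattern, low, high)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop trailing comments
        if not line.startswith("ExitPolicy "):
            continue                              # e.g. the IPv6Exit line
        for item in line[len("ExitPolicy "):].split(","):
            action, pattern = item.split()
            addr, _, ports = pattern.rpartition(":")
            low, _, high = ports.partition("-")
            low, high = (1, 65535) if low == "*" else (int(low), int(high or low))
            if addr not in ("*", "*4", "*6"):
                # No /MASK: the rule covers that single host only.
                addr = ipaddress.ip_network(addr.replace("[", "").replace("]", ""))
            rules.append((action, addr, low, high))
    return rules

def exit_allowed(rules, dest, port):
    """Rules are checked first to last; the first match decides."""
    ip = ipaddress.ip_address(dest)
    for action, addr, low, high in rules:
        if addr == "*":
            hit = True
        elif addr in ("*4", "*6"):
            hit = ip.version == int(addr[1])
        else:
            hit = ip.version == addr.version and ip in addr
        if hit and low <= port <= high:
            return action == "accept"
    return False  # assumption: the sample policies all end in a catch-all

# Constructed sample policies (ports taken from the thread).
AS_POSTED = """ExitPolicy reject 0.0.0.0:*
ExitPolicy accept *:43
ExitPolicy reject *:*"""
V6_ONLY = """IPv6Exit 1
ExitPolicy reject *4:*
ExitPolicy accept *6:20-21
ExitPolicy accept *6:43
ExitPolicy reject *:*"""

if __name__ == "__main__":
    for name, text in (("AS_POSTED", AS_POSTED), ("V6_ONLY", V6_ONLY)):
        rules = parse_policy(text)
        for dest in ("192.0.2.10", "2001:db8::10"):   # documentation addresses
            print(name, dest, 43, exit_allowed(rules, dest, 43))
```

Such a relay rejects all IPv4 exit traffic, but, as noted in the message above, it will not get the exit flag.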
On 2/18/22 16:13, lists@for-privacy.net wrote:
> Before changing exit policies, read 'man torrc' carefully. SERVER OPTIONS ExitPolicy* and IPv6Exit.
Ah, there it is buried. I didn't know that there is man torrc, I always looked that up online in the 2019 documentation, or before that in the standard doc. online.
I will try what happens if I apply a config with IPv6 exit only, I guess it could work now. At least I need to close 80/443, as that seems to be the source for spam, I assume it is some webform or forum spam that got the server listed in the spam block list.
yl