![tor logo] ({filename}/static/images/tor.png)

If you don't want to allow access to your server through the tor network you can ask nicely or just add every malicious looking client to a list. I tried to come up with a better solution.

This Script takes the known tor endpoints from torproject.org and adds it to a ipset list. The ipset is the dropped with iptables.

#!/bin/bash

echo "Tor endpoint list loading"
TORLIST=$(curl -s https://check.torproject.org/exit-addresses |grep ExitAddress | awk '{print $2 }' | sort | uniq)

echo "creating ipset tor list"
ipset destroy torset
ipset -N torset iphash

for ip in ${TORLIST}; do
    ipset -A torset ${ip}
done
iptables -A INPUT -m set --match-set torset src -j DROP

- Stein van Broekhoven


Comments

comments powered by Disqus