//SRC: http://mikhailian.mova.org/node/194
Internet trolls now use Tor to avoid bans by IP. However, banning Tor exit nodes is only slightly more complex. The Tor Project provides a regularly updated list of the exit nodes that can access your IP here: https://check.torproject.org/cgi-bin/TorBulkExitList.py
As there may be many hundreds or even thousands of nodes, adding each of them to iptables as a separate rule can hurt your server's network performance. Enter ipset (http://ipset.netfilter.org/), a user-space hash table for iptables:
x----x----x----x_____________________________________x----x_____________________________________x----x----x----x
# YOUR_IP must hold this server's public address; stop early if it is unset
: "${YOUR_IP:?set YOUR_IP to the address Tor users connect to}"
# create a new set for individual IP addresses
ipset -N tor iphash
# get a list of Tor exit nodes that can access $YOUR_IP, skip the comments and read line by line
# (the URL is quoted so the shell does not treat "?" as a glob character)
wget -q "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP" -O - | sed '/^#/d' | while read -r IP
do
    # add each IP address to the new set, silencing the warnings for IPs that have already been added
    # ($IP is quoted so a malformed line cannot split into extra ipset arguments)
    ipset -q -A tor "$IP"
done
# filter our new set in iptables
iptables -A INPUT -m set --match-set tor src -j DROP
x----x----x----x_____________________________________x----x_____________________________________x----x----x----x
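An added example, not part of the original paste: a refresh-safe variant that validates each downloaded line as an IPv4 address and emits an `ipset restore` script which fills a scratch set and swaps it into `tor` in one step, so the iptables rule never matches against a half-built set. The scratch name `tor-new`, the function names and the sample addresses are assumptions made for this example.

```shell
#!/bin/sh
# Added example. "<set>-new" is a scratch set name assumed here, not from the page.

# True only for a dotted-quad IPv4 address: four octets, 0..255, no leading zeros.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# stdin: downloaded exit list. stdout: commands for `ipset restore`.
# Returns 1 and prints nothing when no valid address is found, so an empty
# download or an error page never replaces the live set.
tor_restore_script() {
    set_name=${1:-tor}
    adds=$(tr -d '\r' | while IFS= read -r line || [ -n "$line" ]; do
               if is_ipv4 "$line"; then printf 'add %s-new %s\n' "$set_name" "$line"; fi
           done | LC_ALL=C sort -u)
    [ -n "$adds" ] || return 1
    printf 'create %s hash:ip\n' "$set_name"        # ignored under -exist if present
    printf 'create %s-new hash:ip\nflush %s-new\n' "$set_name" "$set_name"
    printf '%s\n' "$adds"
    printf 'swap %s-new %s\ndestroy %s-new\n' "$set_name" "$set_name" "$set_name"
}

# Constructed sample input (RFC 5737 documentation addresses, not real exit nodes).
sample_list() {
    cat <<'EOF'
# constructed sample
192.0.2.10
198.51.100.7
192.0.2.10
203.0.113.300
192.0.2.11 extra-arg
<html>503 Service Unavailable</html>
EOF
}

sample_list | tor_restore_script tor
# On a real host, as root (YOUR_IP as in the script above):
#   wget -q "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$YOUR_IP" -O - \
#     | tor_restore_script tor | ipset -exist restore
```

The iptables rule from the original script is added once and left alone; later refreshes only replace the contents of the set it refers to.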