What is it?

This shell-script fetches lists of tor-exit-node IP-addresses, parses and sanitizes them and applies it as an iptables IPv4/IPv6-ruleset, so they are blocked.

Setup

use hourly cronjob as user 'root' for regular updates:

6 * * * * /usr/local/bin/tornodes_block.sh update

Description

IP-lists are fetched from

'https://www.dan.me.uk/torlist/?exit' and
'https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=1.1.1.1'.

iptables replacement of new rules works nearly atomic.

Layout of iptables rules and logic

# send all incoming traffic to chain 'tor':
Chain INPUT (policy ACCEPT 11031 packets, 6043475 bytes)
    pkts      bytes target     prot opt in     out     source               destination
   11031  6043475 tor        all  --  *      *       0.0.0.0/0            0.0.0.0/0


# everything that matches gets REJECTED here:
Chain tor (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 REJECT     all  --  *      *       103.15.28.215        0.0.0.0/0      reject-with icmp-port-unreachable
       5     4108 REJECT     all  --  *      *       103.208.220.122      0.0.0.0/0      reject-with icmp-port-unreachable
       0        0 REJECT     all  --  *      *       103.208.220.226      0.0.0.0/0      reject-with icmp-port-unreachable

[...]

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
.github/workflows		.github/workflows
README.md		README.md
tornodes_block.sh		tornodes_block.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

What is it?

Setup

Description

Layout of iptables rules and logic

About

Releases

Packages

Languages

bittorf/block-TOR-nodes

Folders and files

Latest commit

History

Repository files navigation

What is it?

Setup

Description

Layout of iptables rules and logic

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages