[tor-relays] measure rate of initiated HTTPs connections

r1610091651 r1610091651 at telenet.be
Fri Feb 2 22:02:36 UTC 2018


That's because this rule matches on connection count >2000 with mask 0 =>
so results in: more than 2000 connections to anywhere

The second limit is for log action only.

On Fri, 2 Feb 2018 at 22:12 Toralf Förster <toralf.foerster at gmx.de> wrote:

> I do wonder why the following iptables rule does fire more often than
> expected although there are far fewer (<100) new outgoing Tor exit
> connections within 1 second at my Tor exit relay:
>
>  /sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 2000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG
>
> --
> Toralf
> PGP C4EACDDE 0076E94E
>
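
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model (not netfilter code) of connlimit counting concurrent tracked connections per masked destination, with limit throttling only the LOG action. The 80 SYN/s rate, the 60-second connection lifetime and the 198.51.100.0/24 destinations are constructed assumptions.

```python
from collections import Counter, deque
import ipaddress

BASE = int(ipaddress.ip_address("198.51.100.0"))  # constructed documentation range


def simulate(syn_per_sec, lifetime_s, seconds, above, mask, n_dests=200):
    """Model '--connlimit-above N --connlimit-mask M --connlimit-daddr' followed by
    '--limit 1/second --limit-burst 1'. Returns (syns_matching_connlimit, log_lines).
    Time runs in integer ticks of 1/syn_per_sec seconds, one new SYN per tick."""
    open_conns = deque()        # (expiry_tick, group_key) of tracked connections
    counts = Counter()          # concurrent connections per connlimit group
    cost = syn_per_sec          # ticks of credit needed for one LOG (1/second)
    credit, last = cost, 0      # burst 1: the bucket holds at most one LOG
    matched = logged = 0
    for tick in range(syn_per_sec * seconds):
        # Connections that reached their assumed lifetime leave the table.
        while open_conns and open_conns[0][0] <= tick:
            counts[open_conns.popleft()[1]] -= 1
        daddr = BASE + 1 + tick % n_dests
        key = daddr >> (32 - mask)      # mask 0 puts every destination in one group
        counts[key] += 1
        open_conns.append((tick + lifetime_s * syn_per_sec, key))
        if counts[key] > above:         # connlimit tests a concurrent count, not a rate
            matched += 1
            credit = min(cost, credit + (tick - last))
            last = tick
            if credit >= cost:          # limit gates only how often LOG runs
                credit -= cost
                logged += 1
    return matched, logged


if __name__ == "__main__":
    # 80 new SYN/s (below 100/s), yet about 4800 connections are open at once.
    print("mask 0 :", simulate(80, 60, 120, above=2000, mask=0))
    print("mask 32:", simulate(80, 60, 120, above=2000, mask=32))
```

With mask 0 the rule matches every SYN once more than 2000 connections are open in total, so the log line appears once per second regardless of the new-connection rate; with mask 32 the same traffic never matches.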

