[tor-relays] Ensure servers with >2 relays per IP do not get hit by rate limiting firewalls (by other relays)
mail at nothingtohide.nl
Fri Feb 3 09:40:57 UTC 2023
Hi Tor operators,
Some of us took/will take advantage of the increase in allowed Tor relays per IPv4 address[1] to reduce costs for running Tor relays. This change will result in more relays sharing the same source IP address than before, which means other relays using rate limits on their ORPorts might need to make sure they do not unintentionally block relay to relay connectivity.
Many relay operators deploy TCP SYN rate limiting packet filters these days due to the ongoing DDoS issues. With the increase in Tor relays per IPv4 address, there might be more (new) connections coming from the same source IP.
If you have strict TCP SYN rate limits per source IP, please ensure that this change does not result in blacklisting relay to relay traffic. You could for example whitelist relay IP addresses or have less strict rate limits for them.
Thanks for reading,
https://applied-privacy.net
https://nothingtohide.nl
[1] https://gitlab.torproject.org/tpo/core/tor/-/issues/40744
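An added example, not part of the original message: one way to apply the "less strict rate limits for relays" suggestion is to build an nftables allowlist from the relay addresses in a consensus document and give those sources their own, looser per-IP SYN limit. The ORPort 9001, both rates, the table and set names, and the sample "r" lines are assumptions constructed for illustration; real input would be a consensus file such as `cached-consensus` from tor's DataDirectory.

```python
import ipaddress
from collections import Counter

# Constructed sample of consensus "r" lines (documentation IPs, fake identities).
SAMPLE_CONSENSUS = """\
r relayA AAAAAAAAAAAAAAAAAAAAAAAAAAA 2023-02-03 08:00:00 192.0.2.10 9001 0
s Fast Running Stable Valid
r relayB BBBBBBBBBBBBBBBBBBBBBBBBBBB 2023-02-03 08:00:00 192.0.2.10 9002 0
r relayC CCCCCCCCCCCCCCCCCCCCCCCCCCC 2023-02-03 08:00:00 192.0.2.10 9003 0
r relayD DDDDDDDDDDDDDDDDDDDDDDDDDDD 2023-02-03 08:00:00 198.51.100.7 443 0
"""

def relays_per_ip(consensus_text):
    """Count relays per IPv4 address; the address is the third-from-last "r" field."""
    counts = Counter()
    for line in consensus_text.splitlines():
        fields = line.split()
        if len(fields) < 8 or fields[0] != "r":
            continue
        try:
            counts[str(ipaddress.IPv4Address(fields[-3]))] += 1
        except ipaddress.AddressValueError:
            continue  # skip malformed lines rather than emit a broken set
    return counts

def render_nft(counts, orport=9001, strict="5/second", relaxed="50/second"):
    """Render a ruleset: known relay IPs get the relaxed limit, everyone else the strict one."""
    ips = sorted(counts, key=ipaddress.IPv4Address)
    elems = f" elements = {{ {', '.join(ips)} }}" if ips else ""
    return f"""table inet tor_syn_limit {{
  set tor_relays {{ type ipv4_addr;{elems} }}
  set relay_meter {{ type ipv4_addr; flags dynamic; timeout 1m; }}
  set other_meter {{ type ipv4_addr; flags dynamic; timeout 1m; }}
  chain input {{
    type filter hook input priority 0; policy accept;
    # relay sources: looser per-IP limit, then accept so the strict rule never sees them
    tcp dport {orport} ct state new ip saddr @tor_relays add @relay_meter {{ ip saddr limit rate over {relaxed} }} drop
    tcp dport {orport} ct state new ip saddr @tor_relays accept
    tcp dport {orport} ct state new add @other_meter {{ ip saddr limit rate over {strict} }} drop
  }}
}}
"""

if __name__ == "__main__":
    print(render_nft(relays_per_ip(SAMPLE_CONSENSUS)))
```

The generated file can be syntax-checked with `nft -c -f` before loading, and the per-IP counts show which sources host several relays and therefore need the most headroom.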