[tor-relays] DDOS alerts from my provider
boldsuck
lists at for-privacy.net
Thu Jul 11 20:51:08 UTC 2024

On Donnerstag, 11. Juli 2024 09:38:34 CEST Scott Bennett via tor-relays wrote:
> My understanding is that LINUX systems do not have pf, but rather have
> a less flexible filter called iptables.  Whether iptables or any other
> packet filter that may be available on LINUX systems has synproxy or a
> similar feature I do not know
Not as nice as in *BSD's pf but a bit easier in nftables than in iptables.
Can be activated in prerouting:
https://wiki.nftables.org/wiki-nftables/index.php/Synproxy
TCP syncookies and timestamps have been enabled by default for years;
you can check them:
cat /proc/sys/net/ipv4/tcp_syncookies
cat /proc/sys/net/ipv4/tcp_timestamps
In general, you should be careful with sysctl kernel parameters. If you do
change them, only change individual settings and read and understand what they
mean. If so, it is always good to look specifically for your network driver and
DoS. With a 1G network connection, there is little to improve. In the
Cloudflare blog you will find a lot of in-depth expert knowledge about DoS.
-- 
╰_╯ Ciao Marco!
Debian GNU/Linux
It's free software and it gives you freedom!
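The nftables synproxy setup the post points at, as an added example that is not from the post or the nftables project: a POSIX sh script that checks the two sysctls the nftables wiki lists as prerequisites for synproxy and writes the minimal prerouting-notrack plus input-synproxy ruleset for a relay's ORPort. The proc-root argument (so the check can run against a constructed directory), the table name and the port 9001 are assumptions.

```shell
#!/bin/sh
# Added example, not the list post's or the nftables project's own code.

# synproxy_prereqs_ok [PROC_ROOT]
# Return 0 only if tcp_syncookies and tcp_timestamps both read "1".
# PROC_ROOT is a hypothetical parameter: empty means the live /proc,
# a directory lets the check run against constructed files.
synproxy_prereqs_ok() {
    root="${1:-}"
    for key in tcp_syncookies tcp_timestamps; do
        f="$root/proc/sys/net/ipv4/$key"
        [ -r "$f" ] || { echo "missing: $f" >&2; return 1; }
        val="$(cat "$f")"
        [ "$val" = "1" ] || { echo "$key is $val, synproxy needs 1" >&2; return 1; }
    done
    return 0
}

# write_synproxy_ruleset OUTFILE [ORPORT]
# Untrack incoming SYNs in prerouting (raw priority -300), then hand the
# untracked/invalid state to synproxy in the input hook, so the kernel
# completes the handshake before conntrack sees the connection.
# Table name and default port 9001 are assumed values.
write_synproxy_ruleset() {
    out="$1"; port="${2:-9001}"
    cat > "$out" <<EOF
table ip relay_synproxy {
    chain pre {
        type filter hook prerouting priority -300; policy accept;
        tcp dport $port tcp flags syn notrack
    }
    chain in {
        type filter hook input priority 0; policy accept;
        tcp dport $port ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm
        ct state invalid drop
    }
}
EOF
    # Load later with: nft -f "$out" (syntax check only: nft -c -f "$out").
    return 0
}
```

Run the prerequisite check first; synproxy silently misbehaves if timestamps or syncookies are off, and the ruleset only makes sense once both read 1.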