[tor-relays] DDOS mitigation with nftables

boldsuck lists at for-privacy.net
Tue Oct 22 20:44:34 UTC 2024


On Tuesday, 22 October 2024 19:24 Top wrote:

> My tor relays[1] traffic decreased a lot and I think this *might* be
> connected to some kind of DDOS attack.
> So I wanted to use this situation to set up some DDOS protection.
> For that I stumbled upon Enkidu's tor DDOS mitigation script. [2]
> However, this script is made for `iptables`, not `nftables`.
> I use `firewalld` with `nftables` on my system, since this seems to be
> the new default. [3]
> I don't really know that much about firewalls, so this situation
> overwhelms me a bit.

> So how can I apply proper DDOS protection firewall rules whilst using
> `nftables`?
> Is there some easy way to modify the script to make it work?

Nftables is just a single simple text file ;-)

My nftables examples:
https://github.com/boldsuck/tor-relay-bootstrap/tree/nft/etc

It's actually the same thing that Bo posted here:
https://gitlab.torproject.org/tpo/community/support/-/issues/40093

If you have an exit, surgprotector is more suitable.

-- 
╰_╯ Ciao Marco!

Debian GNU/Linux

It's free software and it gives you freedom!
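One nftables way to cap concurrent connections per source address and limit the rate of new connections to the ORPort, as an added example that is neither Marco's ruleset nor the script from the post; it assumes the relay's ORPort is 9001 (placeholder) and that the thresholds are starting points to be tuned against the relay's own traffic.

```nft
#!/usr/sbin/nft -f
# Added example: per-source connection cap and new-connection rate limit for a Tor ORPort.
# Assumption: ORPort is 9001 (placeholder); the thresholds are starting points, tune them
# to the relay's own traffic (several relays behind one IP or NATed clients share an address).
define ORPORT = 9001

# Own table so that firewalld's tables stay untouched; re-running the file resets only this table.
add table inet tor_ddos
flush table inet tor_ddos

table inet tor_ddos {
    # dynamic sets that count open ORPort connections per source address
    set orport_conns_v4 { type ipv4_addr; size 65535; flags dynamic; }
    set orport_conns_v6 { type ipv6_addr; size 65535; flags dynamic; }

    # dynamic sets that track the rate of new ORPort connections per source; entries expire after 10 minutes
    set orport_rate_v4 { type ipv4_addr; size 65535; flags dynamic,timeout; timeout 10m; }
    set orport_rate_v6 { type ipv6_addr; size 65535; flags dynamic,timeout; timeout 10m; }

    chain input {
        type filter hook input priority 0; policy accept;

        # already-established flows are not re-evaluated by this table
        ct state established,related accept

        # cap: more than 8 concurrent ORPort connections from one address are dropped
        tcp dport $ORPORT ct state new add @orport_conns_v4 { ip saddr ct count over 8 } counter drop
        tcp dport $ORPORT ct state new add @orport_conns_v6 { ip6 saddr ct count over 8 } counter drop

        # rate: more than 12 new ORPort connections per minute from one address are dropped
        tcp dport $ORPORT ct state new add @orport_rate_v4 { ip saddr limit rate over 12/minute burst 12 packets } counter drop
        tcp dport $ORPORT ct state new add @orport_rate_v6 { ip6 saddr limit rate over 12/minute burst 12 packets } counter drop
    }
}
```

Check the syntax with `nft -c -f <file>` before loading it with `nft -f <file>`; `nft list table inet tor_ddos` then shows the per-rule counters and the source addresses currently being tracked.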