Hi @all,
so I reviewed my whole ExitPolicy statements and now I understand the
probleme: The first rule match wins. And because traffic to port 80 was
accepted for every source the reject rule for the subnet was ignored.
Thanks for the hint!
~Josef
Am 19.10.2015 um 23:43 schrieb teor:
>> On 20
Hello @all,
I have a probleme with an reject rule which seems to fail.
Due to an message from WebIron against my exit relay I wanted to block a
subnet. My exit policy looks like this:
ExitPolicy accept *:53# DNS
ExitPolicy accept *:80# HTTP
ExitPolicy accept *:8080 # HTTP 2
Hi Josef,
I think you must put any reject entries above the accept because the rules read
from top to bottom.
Also, I don't know if this make any difference at all, but I also put port in
my torrc like this :
ExitPolicy reject 195.113.0.0/16:* #comment here
S
On 19 Oct 2015, at 22:03,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 10/19/2015 11:03 PM, Josef Stautner wrote:
> ExitPolicy reject 5.133.182.0/24 # WebIron report
Put this *before* any accept line
- --
Toralf, pgp key: C4EACDDE 0076E94E
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
> On 20 Oct 2015, at 08:21, spiros_spi...@freemail.gr wrote:
>
>
> Hi Josef,
> ...
>
> Also, I don't know if this make any difference at all, but I also put port in
> my torrc like this :
>
> ExitPolicy reject 195.113.0.0/16:* #comment here
An IP address/mask with no port specifier is
Hello Thoralf,
thanks. I did the change, reloaded tor and zeroed the counter.
Hopefully it works :-)
~Josef
Am 19.10.2015 um 23:13 schrieb Toralf Förster:
> On 10/19/2015 11:03 PM, Josef Stautner wrote:
> > ExitPolicy reject 5.133.182.0/24 # WebIron report
> Put this *before* any accept line
>
