Block almost all Tor traffic to your server
![tor logo]({filename}/static/images/tor.png)
If you don’t want to allow access to your server through the Tor network, you can ask nicely or just add every malicious-looking client to a list. I tried to come up with a better solution.
This script takes the known Tor endpoints from torproject.org and adds them to an ipset list. Traffic from the addresses in that ipset is then dropped with iptables.
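```bash
#!/bin/bash
echo "Tor endpoint list loading"
# Second field of each "ExitAddress <ip> <date> <time>" line, de-duplicated
TORLIST=$(curl -s https://check.torproject.org/exit-addresses | awk '/^ExitAddress/ { print $2 }' | sort -u)
# Keep the current set if the download failed or returned nothing
[ -n "${TORLIST}" ] || { echo "no addresses received, keeping old list" >&2; exit 1; }
echo "creating ipset tor list"
# "ipset destroy" fails once the iptables rule references the set, so create
# the set only if it is missing and empty it instead
ipset -exist create torset hash:ip
ipset flush torset
for ip in ${TORLIST}; do
    ipset -exist add torset "${ip}"
done
# Append the DROP rule only if it is not already present
iptables -C INPUT -m set --match-set torset src -j DROP 2>/dev/null ||
    iptables -A INPUT -m set --match-set torset src -j DROP
```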
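
A stricter take on the update step, as an added example that is not the author's script: it keeps only syntactically valid IPv4 addresses from the downloaded list, refuses to replace the set when too few survive, and loads the result through `ipset restore` with a swap so the live set is never empty mid-update. The scratch set name `torset_new`, the `MIN_ENTRIES` floor and the `--apply` switch are assumptions, the sample input is constructed, and the iptables DROP rule on `torset` is expected to exist already.

```bash
#!/bin/bash
# Added example: validate the exit list, then load it into ipset atomically.
SET=torset                      # live set matched by the iptables DROP rule
TMP=torset_new                  # scratch set name (assumption)
MIN_ENTRIES=${MIN_ENTRIES:-3}   # assumed sanity floor, raise it for real use

# Constructed sample (documentation IPs): one duplicate, two malformed entries.
SAMPLE='ExitNode 0000000000000000000000000000000000000001
Published 2024-01-01 00:00:00
LastStatus 2024-01-01 01:00:00
ExitAddress 192.0.2.10 2024-01-01 01:10:00
ExitAddress 198.51.100.7 2024-01-01 01:11:00
ExitAddress 198.51.100.7 2024-01-01 01:12:00
ExitAddress 203.0.113.256 2024-01-01 01:13:00
ExitAddress 203.0.113.0/24 2024-01-01 01:14:00
ExitAddress 203.0.113.99 2024-01-01 01:15:00'

# stdin: exit-addresses text; stdout: unique, syntactically valid IPv4 only.
extract_exit_ips() {
    awk '$1 == "ExitAddress" {
        if (split($2, o, ".") != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print $2
    }' | sort -u
}

# stdin: validated IPs; stdout: an "ipset restore" script that fills a scratch
# set and swaps it in, so the live set is never empty during an update.
build_restore() {
    ips=$(cat)
    count=$(printf '%s\n' "$ips" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -lt "$MIN_ENTRIES" ]; then
        echo "only $count valid addresses, keeping current $SET" >&2
        return 1
    fi
    echo "create $SET -exist hash:ip"
    echo "create $TMP -exist hash:ip"
    echo "flush $TMP"
    printf '%s\n' "$ips" | sed "s/^/add $TMP /"
    echo "swap $TMP $SET"
    echo "destroy $TMP"
}

# Live run (needs root): fetch, validate, load. Skipped unless --apply is given.
if [ "${1:-}" = "--apply" ]; then
    list=$(curl -fsS https://check.torproject.org/exit-addresses) || exit 1
    printf '%s\n' "$list" | extract_exit_ips | build_restore | ipset restore
fi
```

Without `--apply` the file only defines the functions, so `printf '%s\n' "$SAMPLE" | extract_exit_ips | build_restore` shows the generated restore script without touching the firewall.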