Block almost all tor traffic to your server

![tor logo] ({filename}/static/images/tor.png)

If you don’t want to allow access to your server through the tor network you can ask nicely or just add every malicious looking client to a list. I tried to come up with a better solution.

This Script takes the known tor endpoints from and adds it to a ipset list. The ipset is the dropped with iptables.


echo "Tor endpoint list loading"
TORLIST=$(curl -s |grep ExitAddress | awk '{print $2 }' | sort | uniq)

echo "creating ipset tor list"
ipset destroy torset
ipset -N torset iphash

for ip in ${TORLIST}; do
    ipset -A torset ${ip}
iptables -A INPUT -m set --match-set torset src -j DROP
Cloud & Open-Source magician 🧙‍♂️

I try to find the KISS in complex systems and share it with the world.

comments powered by Disqus