firewall

Make iptables like your ftp sessions

If you manage your firewall by hand and have issues with connections through FTP, try adding this.

```bash
# FTP Helper (beginning of script)
# Load the FTP connection-tracking and NAT helper modules
modprobe ip_conntrack_ftp
modprobe ip_nat_ftp ports=21

# ...
# other rules
# ...

# FTP Helper
# Allow outgoing packets from the FTP control (21) and data (20) ports
iptables -A OUTPUT -o eth0 -p tcp --sport ftp -j ACCEPT
iptables -A OUTPUT -o eth0 -p tcp --sport ftp-data -j ACCEPT

# Drop rule
# (end of script)
```

Block tor traffic in cloudflare firewall

![tor logo]({filename}/static/images/tor.png)

If you don't want to allow access to your server through the Tor network, you can ask nicely or just add every malicious-looking client to a list. I tried to come up with a better solution. I started with a script that blocked incoming connections on a load balancer (it can also be used on a web server). Then I realized that if you use Cloudflare in front of that, the TCP connections come from Cloudflare and not from the Tor endpoints.

Block almost all tor traffic to your server

![tor logo]({filename}/static/images/tor.png)

If you don't want to allow access to your server through the Tor network, you can ask nicely or just add every malicious-looking client to a list. I tried to come up with a better solution. This script takes the known Tor endpoints from torproject.org and adds them to an ipset list. The ipset is then dropped with iptables.

```bash
#!/bin/bash
echo "Tor endpoint list loading"
TORLIST=$(curl -s https://check.
```
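The list-to-ipset step described above, as an added example that is not the post's own script: each entry is validated before it is written into `ipset restore` input, and the new set is swapped in atomically. The set name `tor-exits`, the helper names and the sample addresses are assumptions, and the list is read from stdin rather than fetched.

```sh
#!/bin/sh
# Added example (POSIX sh, also runs under bash).
# SET_NAME is an assumed name, not one taken from the post.
SET_NAME="tor-exits"

# Succeeds only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Reads one entry per line on stdin and prints an `ipset restore` script.
# Comments, malformed lines and duplicates are dropped, so only validated
# addresses ever reach ipset, whatever the download contained.
build_restore() {
    echo "create ${SET_NAME} hash:ip -exist"
    echo "create ${SET_NAME}-new hash:ip -exist"
    echo "flush ${SET_NAME}-new"
    tr -d '\r' | while IFS= read -r line; do
        if is_ipv4 "$line"; then
            echo "add ${SET_NAME}-new $line"
        fi
    done | sort -u
    # swap is atomic: the live set is never empty or half-loaded
    echo "swap ${SET_NAME}-new ${SET_NAME}"
    echo "destroy ${SET_NAME}-new"
}

# Constructed sample input (documentation ranges, not real Tor endpoints)
sample_list() {
    printf '%s\n' '# sample list' 192.0.2.10 198.51.100.7 192.0.2.10 \
        203.0.113.999 '198.51.100.9 # trailing text'
}

# As root, with a downloaded list in list.txt:
#   build_restore < list.txt | ipset restore
#   iptables -I INPUT -m set --match-set tor-exits src -j DROP
sample_list | build_restore
```

Because the set is rebuilt under a temporary name and swapped, the script can be re-run from cron without removing the iptables rule or leaving a window where the set is empty.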