-rw-r--r-- md/writeup/using_iptables.md 13
1 files changed, 13 insertions, 0 deletions
diff --git a/md/writeup/using_iptables.md b/md/writeup/using_iptables.md
index 9f92993..b2b046c 100644
--- a/md/writeup/using_iptables.md
+++ b/md/writeup/using_iptables.md
@@ -305,6 +305,18 @@ there. Then there is possible to match specific connection state
iptables -A INPUT -m state --state NEW -j DROP -s 86.159.18.180
```
+### Block TOR
+
+There is quite common that ANNONYMOUSE users have higher chance to abuse services.
+Also some website provides list of exit nodes. Here we going to add to new
+iptables chai list of IPs gathered from public source
+```
+wget -c https://www.dan.me.uk/torlist/ > tor.list
+iptables -N TOR
+iptables -t filter -A INPUT -j TOR
+cat /tmp/tor.list | uniq | sort | xargs iptables -A TOR -j DROP -s
+```
+
### Logging
Log droppend packages
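Review bot: The download line `wget -c https://www.dan.me.uk/torlist/ > tor.list` does not put the list where the last line reads it. wget saves the response to its own output file and writes nothing to stdout unless told to with `-O`, and the redirect targets `tor.list` in the current directory while `cat` reads `/tmp/tor.list`; suggest `wget -O /tmp/tor.list https://www.dan.me.uk/torlist/`. In the last line, `uniq | sort` only removes adjacent duplicates, so use `sort -u`, and `xargs` without `-n 1` hands many addresses to a single `iptables` call where `-s` takes one argument, so the call fails instead of adding one rule per address. Because the jump is added with `-A INPUT`, it lands after any rules already in INPUT, so an earlier ACCEPT matches first; either say so in the text or insert it with `-I`. The added prose also has typos ("ANNONYMOUSE", "chai") and the opening fence needs a blank line before it.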
@@ -343,6 +355,7 @@ the system admins could be not happy with this jokes ;].
16. https://en.wikipedia.org/wiki/Transmission_Control_Protocol#Protocol_operation
17. https://tools.ietf.org/html/rfc675
18. https://www.netfilter.org/documentation/HOWTO/packet-filtering-HOWTO-7.html
+19. https://www.dan.me.uk/torlist/
https://www.honeynet.org/node/691
http://wiki.lvl1.org/Iptables
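Review bot: Entry 19 is added to the reference list, but the new Block TOR section never cites it; the text there only says "public source". Add the citation marker to that sentence in the same form the other references use. The two URLs that follow the new entry carry no numbers, so check that 19 sits where intended in the list.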