If you got tired of IRC “kiddies” coming from TOR networks or you don't want the visiting your services then this script is for you. It takes realtime list of TOR IP [servers and exit nodes] and updates your iptables list:
Updated list - https://check.torproject.org/torbulkexitlist?ip=1.1.1.1
#!/bin/bash # A simple bash script to block IP traffic from TOR exit nodes. # written by Andrew Vetlugin (antrew at gmail com) # add this script to crontab (I think 10-20 minutes interval should be OK) wget='/usr/bin/wget' iptables='/sbin/iptables' url='http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv' iptables_target='DROP' # put this in your original firewall script: # $IPTB -F irc-access # $IPTB -N irc-access # $IPTB -A INPUT -p tcp -m state --syn --state NEW --dport 6667 -g irc-access # $IPTB -A INPUT -p tcp -m state --syn --state NEW --dport 6668 -g irc-access # $IPTB -A INPUT -p tcp -m state --syn --state NEW --dport 6697 -g irc-access # $IPTB -A irc-access -j ACCEPT # # flush chain $iptables -F irc-access # add TOR exit nodes to TOR_EXIT chain with $iptables_target rule for node in `$wget -q --no-check-certificate -O - $url | sort | uniq`; do $iptables -A irc-access -s $node -j $iptables_target done # return to parent chain if the source is not TOR exit node $iptables -A irc-access -j ACCEPT