If you got tired of IRC “kiddies” coming from TOR networks, or you don't want them visiting your services at all, then this script is for you. It fetches the current list of TOR IPs [servers and exit nodes] and updates your iptables chain:

#!/bin/bash
# A simple bash script to block IP traffic from TOR exit nodes.
# written by Andrew Vetlugin (antrew at gmail com)
# add this script to crontab (I think 10-20 minutes interval should be OK)

wget='/usr/bin/wget'
iptables='/sbin/iptables'
url='http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv'

iptables_target='DROP'

# put this in your original firewall script ($IPTB is that script's iptables variable):
#  $IPTB -F irc-access
#  $IPTB -N irc-access
#  $IPTB -A INPUT -p tcp -m state --syn --state NEW  --dport 6667 -g irc-access
#  $IPTB -A INPUT -p tcp -m state --syn --state NEW  --dport 6668 -g irc-access
#  $IPTB -A INPUT -p tcp -m state --syn --state NEW  --dport 6697 -g irc-access
#  $IPTB -A irc-access -j ACCEPT
#

# fetch the list before touching the firewall: if the download fails or comes
# back empty, leave the current chain alone instead of flushing it and
# letting every TOR node through until the next cron run
nodes=$("$wget" -q -O - "$url" | sort -u)
if [ -z "$nodes" ]; then
  echo "could not fetch TOR node list from $url; rules left unchanged" >&2
  exit 1
fi

# flush chain
"$iptables" -F irc-access

# add TOR exit nodes to the irc-access chain with the $iptables_target rule
for node in $nodes; do
  "$iptables" -A irc-access -s "$node" -j "$iptables_target"
done

# return to parent chain if the source is not a TOR exit node
"$iptables" -A irc-access -j ACCEPT
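The script above flushes the chain and then repopulates it, so for a moment the chain is empty and every TOR node is accepted; it also trusts whatever the feed returns. The following is an added example (not the original script) that validates the downloaded list and builds the rules in a scratch chain which is renamed into place, so the block list is never empty; it assumes the page's irc-access chain and that the feed lists one IPv4 address per line.

```shell
#!/bin/bash
# Added example, not the page's script: refresh the block list without the
# fail-open window of "flush, then repopulate". The feed is downloaded and
# validated first; rules are built in a scratch chain that is then swapped in.
# Assumes the page's 'irc-access' chain and that the feed lists one IPv4
# address per line (the page does not show the feed's exact format).
set -u

url='http://torstatus.blutmagie.de/ip_list_all.php/Tor_ip_list_ALL.csv'
chain='irc-access'
target='DROP'
iptables="${IPTABLES:-/sbin/iptables}"   # override for testing

# Keep only well-formed, unique IPv4 addresses from stdin; error pages,
# CSV headers, blank lines and out-of-range octets are dropped.
filter_ipv4() {
    tr -d '\r' | grep -Ex '([0-9]{1,3}\.){3}[0-9]{1,3}' |
        awk -F. '$1<256 && $2<256 && $3<256 && $4<256' | LC_ALL=C sort -u
}

# Fill chain $1 with one $target rule per node read from stdin, then ACCEPT.
build_chain() {
    local scratch="$1" node
    "$iptables" -N "$scratch"
    while read -r node; do
        "$iptables" -A "$scratch" -s "$node" -j "$target"
    done
    "$iptables" -A "$scratch" -j ACCEPT
}

refresh_tor_chain() {
    local raw list scratch="${chain}-new" old="${chain}-old"
    raw="$(mktemp)" && list="$(mktemp)" || return 1
    # Fail closed: on download/validation failure keep the current chain.
    if ! wget -q -O "$raw" "$url" || ! filter_ipv4 < "$raw" > "$list" \
        || ! [ -s "$list" ]; then
        echo "TOR list unavailable; current rules left untouched" >&2
        rm -f "$raw" "$list"; return 1
    fi
    "$iptables" -F "$scratch" 2>/dev/null || true; "$iptables" -X "$scratch" 2>/dev/null || true
    build_chain "$scratch" < "$list"
    # -E renames in place; INPUT rules that jump to $chain keep following it,
    # so the block list is never empty while it is being replaced.
    "$iptables" -E "$chain" "$old" && "$iptables" -E "$scratch" "$chain"
    "$iptables" -F "$old"; "$iptables" -X "$old"
    rm -f "$raw" "$list"
}

if [ "${1:-}" = "--apply" ]; then refresh_tor_chain; fi
```

Run it from cron as `script --apply`; the first run needs irc-access to already exist, as in the firewall snippet above.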
linux/firewall_blocktor.txt · Last modified: 2010/01/28 20:57 by greebo
CC Attribution-Share Alike 4.0 International