Introduction
Blocking traffic from the Tor Network can be essential to keeping your server safe from malicious users. The anonymity afforded by the Tor network makes it difficult to identify and monitor bad actors, which is why blocking all traffic originating from this network is recommended as a preventive measure against possible attacks.
In this guide, we will discuss everything you need to know about blocking traffic from the Tor Network. We will cover how to identify traffic coming from the Tor Network, how to set up blocking rules on your firewall, and other best practices for blocking Tor traffic.
What is the Tor Network?
The Tor network, also known as The Onion Router, is a widely used network of computers designed to enable anonymous communication. It works by routing users’ internet traffic through a series of nodes in the network and encrypting it along the way. This makes it difficult for anyone observing your traffic to identify where the data is going or coming from.
The main purpose of the network is to provide increased privacy when browsing online, but it has come under criticism because some people use this anonymity for malicious purposes such as hacking, fraud, and terrorism.
How to block Tor traffic on Linux
Install ipset
ipset is a command line utility for managing IP sets on Linux. IP sets are collections of IP addresses and networks that can be referenced by iptables to block or allow traffic.
Using ipset, you can define a set of IPs to be blocked and add them to your blocking rules.
- Debian/Ubuntu:
sudo apt-get install ipset
- RedHat:
sudo yum install ipset
- Arch Linux:
sudo pacman -S ipset
Create a new ipset
In your terminal run: ipset create tor-exit-nodes iphash
followed by Enter.
Fetch exit node IPs and add them to the ipset
curl -sSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do
ipset -q -A tor-exit-nodes $IP
done
Block all tor-exit-nodes with iptables
iptables -A INPUT -m set --match-set tor-exit-nodes src -j DROP
Testing if Tor block is working
Spin up your Tor browser and try to visit your site, you should see the loading bar moving for a long time until the connection eventually times out. That means the block is working!
Making the Tor block survive system reboots
To ensure your blocking rules remain in place after rebooting, we will create a simple bash script and add it to the server's crontab.
Create a new file called block_tor.sh
or whatever name you want to give it, paste in the following contents:
#!/bin/bash
IPSET_NAME="tor-exit-nodes"
if ipset list | grep -q "Name: $IPSET_NAME"; then
echo "ipset $IPSET_NAME exists"
else
echo "creating ipset $IPSET_NAME"
ipset create $IPSET_NAME iphash
fi
function fetchTorExitNodes() {
echo -ne "Fetching Tor exit node IP list"
curl -sSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do
ipset -q -A $IPSET_NAME $IP
done
echo ".. done"
}
fetchTorExitNodes
if ! iptables -C INPUT -m set --match-set tor-exit-nodes src -j DROP; then
iptables -A INPUT -m set --match-set tor-exit-nodes src -j DROP
echo "Added iptables rule to block ipset $IPSET_NAME"
fi
This script will:
- Check if
ipset
exists and create one if it doesn't. - Fetch all Tor exit nodes IP addresses.
- Add
iptables
rule to block all IPs matchingtor-exit-nodes
ipset.
Now, let's add it to the crontab: sudo crontab -e
Paste in the following:
@reboot /home/user/block_tor.sh
0 3 * * * /home/user/block_tor.sh
This will make the script run at system reboots and everyday at 3am.
Additional resources
Summary
This blog post provides a guide to blocking traffic from the Tor Network. It outlines how to identify traffic coming from the Tor Network, set up blocking rules on your firewall, and best practices for blocking Tor traffic. It covers installing ipset, creating an ipset of Tor exit nodes IPs, blocking all tor-exit-nodes with iptables and testing that block, as well as making the block survive system reboots. Finally, it explains how to create a bash script and add it to crontab.