Table of contents

Introduction

Blocking traffic from the Tor Network can be essential to keeping your server safe from malicious users. The anonymity afforded by the Tor network makes it difficult to identify and monitor bad actors, which is why blocking all traffic originating from this network is recommended as a preventive measure against possible attacks.

In this guide, we will discuss everything you need to know about blocking traffic from the Tor Network. We will cover how to identify traffic coming from the Tor Network, how to set up blocking rules on your firewall, and other best practices for blocking Tor traffic.

ℹ️
The objective of this guide is not to prevent Tor users from gaining access to information, but rather to minimize the risk of attacks on your services.

What is the Tor Network?

The Tor network, also known as The Onion Router, is a widely used network of computers designed to enable anonymous communication. It works by routing users’ internet traffic through a series of nodes in the network and encrypting it along the way. This makes it difficult for anyone observing your traffic to identify where the data is going or coming from.

The main purpose of the network is to provide increased privacy when browsing online, but it has come under criticism because some people use this anonymity for malicious purposes such as hacking, fraud, and terrorism.

How to block Tor traffic on Linux

Install ipset

ipset is a command line utility for managing IP sets on Linux. IP sets are collections of IP addresses and networks that can be referenced by iptables to block or allow traffic.

Using ipset, you can define a set of IPs to be blocked and add them to your blocking rules.

  • Debian/Ubuntu: sudo apt-get install ipset
  • RedHat: sudo yum install ipset
  • Arch Linux: sudo pacman -S ipset

Create a new ipset

In your terminal run: ipset create tor-exit-nodes iphash followed by Enter.

Fetch exit node IPs and add them to the ipset

curl -sSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do
	ipset -q -A tor-exit-nodes $IP
done

Block all tor-exit-nodes with iptables

iptables -A INPUT -m set --match-set tor-exit-nodes src -j DROP

Testing if Tor block is working

Spin up your Tor browser and try to visit your site, you should see the loading bar moving for a long time until the connection eventually times out. That means the block is working!

blocking tor exit nodes, tor browser

Making the Tor block survive system reboots

To ensure your blocking rules remain in place after rebooting, we will create a simple bash script and add it to the server's crontab.

Create a new file called block_tor.sh or whatever name you want to give it, paste in the following contents:

#!/bin/bash

IPSET_NAME="tor-exit-nodes"
if ipset list | grep -q "Name: $IPSET_NAME"; then
   echo "ipset $IPSET_NAME exists"
else
   echo "creating ipset $IPSET_NAME"
   ipset create $IPSET_NAME iphash
fi

function fetchTorExitNodes() {
   echo -ne "Fetching Tor exit node IP list"
   curl -sSL "https://check.torproject.org/torbulkexitlist" | sed '/^#/d' | while read IP; do
	ipset -q -A $IPSET_NAME $IP
   done
   echo ".. done"
}

fetchTorExitNodes

if ! iptables -C INPUT -m set --match-set tor-exit-nodes src -j DROP; then
  iptables -A INPUT -m set --match-set tor-exit-nodes src -j DROP
  echo "Added iptables rule to block ipset $IPSET_NAME"
fi

This script will:

  1. Check if ipset exists and create one if it doesn't.
  2. Fetch all Tor exit nodes IP addresses.
  3. Add iptables rule to block all IPs matching tor-exit-nodes ipset.

Now, let's add it to the crontab: sudo crontab -e

Paste in the following:

@reboot /home/user/block_tor.sh
0 3 * * * /home/user/block_tor.sh

This will make the script run at system reboots and everyday at 3am.

Additional resources

TOR Node List
Displays a full TOR node list no more than one hour old. Includes detailed information in script-readable format
Even larger list of Tor network IP addresses, you can use it instead of the official API

Summary

This blog post provides a guide to blocking traffic from the Tor Network. It outlines how to identify traffic coming from the Tor Network, set up blocking rules on your firewall, and best practices for blocking Tor traffic. It covers installing ipset, creating an ipset of Tor exit nodes IPs, blocking all tor-exit-nodes with iptables and testing that block, as well as making the block survive system reboots. Finally, it explains how to create a bash script and add it to crontab.