block tor users with iptables?

qwertyjjj · 04-12-2013, 04:45 PM

I have users connecting via VPN to my server.
I need to block tor users and also bittorrent users.
Is there a way to do this using iptables?

unSpawn · 04-12-2013, 06:04 PM

For TOR you could use the list of IP addresses TOR websites allow you to export (use ipset plus one iptables rule and maybe one rule for common ports) for Bittorrent that would be the common port range and if you feel like it a layer 7 filter.

John VV · 04-12-2013, 07:47 PM

the 6880 or 6881 ( and the udp+4 for vuez ) for bit torrent normally get blocked
a lot of people are using ports in the 40,000 to 65,536 port range

unSpawn · 04-13-2013, 01:16 AM

Quote:

Originally Posted by John VV

the 6880 or 6881 ( and the udp+4 for vuez ) for bit torrent normally get blocked

It's TCP 6880 to 6899 IIRC.

Quote:

Originally Posted by John VV

a lot of people are using ports in the 40,000 to 65,536 port range

Indeed and that goes for TOR as well like TCP port 22, 80 or 443.

qwertyjjj · 04-13-2013, 04:06 AM

Quote:

Originally Posted by unSpawn

For TOR you could use the list of IP addresses TOR websites allow you to export (use ipset plus one iptables rule and maybe one rule for common ports) for Bittorrent that would be the common port range and if you feel like it a layer 7 filter.

I thought the whole point of tor was that it was supposed to be secure. If you can find out the IP addresses of websites that easily then what use is it?

unSpawn · 04-13-2013, 05:59 PM

No, I mean the three to five web sites that list TOR node status. They allow you to export the data easily.