Community Forum

Resolved
0 votes
Hello there!
I am having real issues trying to block Tor Browser. I already tried this: https://www.clearos.com/clearfoundation/social/community/blocking-tor-browser-in-clearos-6
even the protocol filter and app filter, and also the scripts on GitHub named blocktor.

Everything added something to my iptables, but nothing stops Tor.

COS 7 fully updated, proxy non transparent+nouserauth
Ideas?
Monday, February 06 2017, 02:00 PM
Responses (28)
  • Accepted Answer

    Sunday, March 26 2017, 08:16 AM
    Resolved
    0 votes
    I've just bumped into a problem with my ipset setup! If I do:
    iptables -w -I INPUT -i enp2S0 -m set --match-set country-list src -p tcp -m multiport ! --dports 25,80,443 -m state --state NEW -j DROP
    nothing gets blocked but if I do
    iptables -w -I INPUT -m set --match-set country-list src -p tcp -m multiport ! --dports 25,80,443 -m state --state NEW -j DROP
    (no -i enp2S0) then it works. It looks like there is some interplay with the parameters. I am posting to the netfilter list to try and see what is going on.

    (Note: $IPTABLES = "iptables -w" in a firewall script.)
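A worked version of the set-loading and rule-insertion described in the reply above, added here as an example and not the poster's or ClearOS's own script. It builds an ipset restore file in the same layout as the /usr/src/ipset_tor-block.save shown later in the thread (validating and de-duplicating the entries, which a plain `ipset add` would otherwise reject), then inserts the interface-free DROP rule only if it is not already present. The set name tor-block, the list-file path, the INPUT/src placement and the is_blocked helper are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script). Assumed inputs: a text file with one
# IPv4 address or CIDR per line, and a set named tor-block as in the thread.

# build_restore SETNAME LISTFILE
# Blank lines and #-comments are ignored, malformed entries are rejected and
# duplicates are written only once. A summary goes to stderr.
build_restore() {
    set_name=$1
    list_file=$2
    printf 'create -exist %s hash:net family inet hashsize 1024 maxelem 65536\n' "$set_name"
    awk -v set="$set_name" '
        function valid_ipv4(ip,    q, i) {
            if (split(ip, q, ".") != 4) return 0
            for (i = 1; i <= 4; i++)
                if (q[i] !~ /^[0-9]+$/ || q[i] + 0 > 255) return 0
            return 1
        }
        {
            sub(/#.*/, "")                  # strip trailing comments
            gsub(/^[ \t]+|[ \t]+$/, "")     # trim whitespace
            if ($0 == "") next
            n = split($0, part, "/")
            if (n > 2 || !valid_ipv4(part[1])) { bad++; next }
            if (n == 2 && (part[2] !~ /^[0-9]+$/ || part[2] + 0 > 32)) { bad++; next }
            if ($0 in seen) { dup++; next }
            seen[$0] = 1
            kept++
            printf "add -exist %s %s\n", set, $0
        }
        END {
            printf "%s: %d entries, %d duplicates skipped, %d invalid lines skipped\n",
                   set, kept, dup, bad > "/dev/stderr"
        }
    ' "$list_file"
}

# rule_args SETNAME CHAIN MATCH
# Prints the chain plus rule spec shared by -C and -I. MATCH is "src" (drop
# inbound connections *from* listed addresses, as in the INPUT rule above) or
# "dst" (a FORWARD rule: LAN clients connecting *to* listed addresses).
# Like the poster's working rule, no -i <iface> is used.
rule_args() {
    echo "$2 -m set --match-set $1 $3 -p tcp -m multiport ! --dports 25,80,443 -m state --state NEW -j DROP"
}

# apply_blocklist SETNAME LISTFILE CHAIN MATCH
# Loads the set, then inserts the rule only if `iptables -C` reports it is
# missing, so the script can be re-run (e.g. from cron) without piling up rules.
apply_blocklist() {
    if ! command -v ipset >/dev/null 2>&1 || ! command -v iptables >/dev/null 2>&1; then
        echo "ipset/iptables not installed; nothing applied" >&2
        return 1
    fi
    build_restore "$1" "$2" | ipset restore || return 1
    args=$(rule_args "$1" "$3" "$4")
    # word splitting of $args is intended: it is a list of iptables arguments
    iptables -w -C $args 2>/dev/null || iptables -w -I $args
}

# is_blocked SETNAME IP: the same check as `ipset test` in the thread; exit 0 if listed.
is_blocked() {
    ipset test "$1" "$2" >/dev/null 2>&1
}

# Usage: sh blocklist.sh /path/to/ips.txt   (the apply step needs root)
if [ "$#" -eq 1 ]; then
    apply_blocklist tor-block "$1" INPUT src
fi
```

Run build_restore on its own first and eyeball the output before piping it into ipset restore.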
  • Accepted Answer

    Wednesday, February 15 2017, 06:12 PM
    Resolved
    0 votes
    I am as clueless :( Is it the same version of ClearOS on both servers?

    Can I ask you to edit your huge post with the file and ipset set dump? It is huge and makes the thread very slow to load.
  • Accepted Answer

    Wednesday, February 15 2017, 02:27 PM
    Resolved
    0 votes
    Hello Nick!
    Testing the malicious IPs in set tor-block:
    [root@gateway ~]# ipset test tor-block 164.132.51.91
    164.132.51.91 is in set tor-block.
    [root@gateway ~]# ipset test tor-block 46.165.230.5
    46.165.230.5 is in set tor-block.

    I have to tell you, I did something just for testing: I restored the config to a point where ipset was working,
    and it is working again! I tried to move the files onto the production server... it did not work.
    I couldn't replicate the setup.

    ip_set is loaded in my kernel. The firewall is working normally. Clueless.
  • Accepted Answer

    Monday, February 13 2017, 08:36 PM
    Resolved
    0 votes
    It is worth doing a Google search for "tor exit nodes". There are some great references out there, such as this, which leads to this and this. There are also heaps of places to source Tor IPs, including directly from the Tor Project. You could try cross-referencing the lists.

    Also note you could combine multiple lists, as the script will reject any duplicates.
  • Accepted Answer

    Monday, February 13 2017, 07:45 PM
    Resolved
    0 votes
    That shows the IP set is the same as the save file. Do you know which IPs are getting through?
  • Accepted Answer

    Monday, February 13 2017, 07:18 PM
    Resolved
    0 votes
    Thanks. As I said, it was working... was.
    I already checked the Tor IPs against these ones; they are in it.
    So, my outputs:
    cat /usr/src/ipset_tor-block.save
    create -exist tor-block hash:net family inet hashsize 1024 maxelem 65536
    add -exist tor-block 193.90.12.88
    add -exist tor-block 62.149.12.153
    add -exist tor-block 91.213.8.84
    add -exist tor-block 166.70.207.2
    add -exist tor-block 65.181.123.254
    add -exist tor-block 5.249.149.204
    add -exist tor-block 88.156.182.196
    add -exist tor-block 86.7.140.31
    add -exist tor-block 92.222.74.226
    add -exist tor-block 154.127.60.92
    add -exist tor-block 64.137.200.96
    add -exist tor-block 207.192.69.165
    add -exist tor-block 70.164.255.174
    add -exist tor-block 197.231.221.211
    add -exist tor-block 179.183.166.150
    add -exist tor-block 116.80.244.36
    add -exist tor-block 104.131.206.23
    add -exist tor-block 165.231.0.242
    add -exist tor-block 45.33.61.40
    add -exist tor-block 5.135.158.101
    add -exist tor-block 91.121.192.154
    add -exist tor-block 45.62.210.151
    add -exist tor-block 64.113.32.29
    add -exist tor-block 162.247.72.217
    add -exist tor-block 185.82.216.233
    add -exist tor-block 62.210.245.158
    add -exist tor-block 146.0.79.243
    add -exist tor-block 90.120.135.168
    add -exist tor-block 213.61.149.100
    add -exist tor-block 192.81.131.49
    add -exist tor-block 87.236.194.23
    add -exist tor-block 121.127.250.156
    add -exist tor-block 46.194.144.63
    add -exist tor-block 45.63.126.210
    add -exist tor-block 138.219.43.141
    add -exist tor-block 120.29.217.46
    add -exist tor-block 185.100.85.132
    add -exist tor-block 185.141.164.52
    add -exist tor-block 91.233.106.172
    add -exist tor-block 78.223.155.104
    add -exist tor-block 178.17.170.149
    add -exist tor-block 91.231.86.101
    add -exist tor-block 91.197.234.102
    add -exist tor-block 176.10.99.206
    add -exist tor-block 217.23.13.129
    add -exist tor-block 64.137.230.99
    add -exist tor-block 64.137.173.118
    add -exist tor-block 171.25.193.132
    add -exist tor-block 93.115.95.204
    add -exist tor-block 162.248.10.132
    add -exist tor-block 81.240.102.10
    add -exist tor-block 213.136.92.188
    add -exist tor-block 128.199.76.145
    add -exist tor-block 149.56.229.16
    add -exist tor-block 37.123.133.148
    add -exist tor-block 5.56.32.60
    add -exist tor-block 165.255.184.120
    add -exist tor-block 192.42.113.102
    add -exist tor-block 212.159.91.21
    add -exist tor-block 81.89.0.198
    add -exist tor-block 139.162.10.72
    add -exist tor-block 162.247.73.206
    add -exist tor-block 65.19.167.131
    add -exist tor-block 192.160.102.164
    add -exist tor-block 23.95.113.5
    add -exist tor-block 46.101.139.248
    add -exist tor-block 139.162.28.23
    add -exist tor-block 31.34.241.90
    add -exist tor-block 110.174.43.136
    add -exist tor-block 62.80.200.190
    add -exist tor-block 82.221.139.25
    add -exist tor-block 37.187.7.74
    add -exist tor-block 89.35.178.104
    add -exist tor-block 178.209.50.151
    add -exist tor-block 94.102.60.85
    add -exist tor-block 185.104.120.3
    add -exist tor-block 153.218.45.182
    add -exist tor-block 13.94.150.167
    add -exist tor-block 89.163.224.109
    add -exist tor-block 138.197.205.50
    add -exist tor-block 178.17.174.32
    add -exist tor-block 85.131.152.221
    add -exist tor-block 185.100.84.82
    add -exist tor-block 176.136.44.52
    add -exist tor-block 192.135.168.251
    add -exist tor-block 158.130.0.242
    add -exist tor-block 87.118.116.90
    add -exist tor-block 91.250.241.241
    add -exist tor-block 89.31.96.168
    add -exist tor-block 206.248.184.127
    add -exist tor-block 91.64.164.129
    add -exist tor-block 103.27.124.82
    add -exist tor-block 46.249.37.143
    add -exist tor-block 91.121.119.122
    add -exist tor-block 94.23.201.80
    add -exist tor-block 193.110.157.151
    add -exist tor-block 141.170.2.53
    add -exist tor-block 213.136.71.21
    add -exist tor-block 87.81.148.61
    add -exist tor-block 185.109.146.62
    add -exist tor-block 46.16.234.131
    add -exist tor-block 178.175.128.50
    add -exist tor-block 94.242.246.23
    add -exist tor-block 5.196.66.162
    add -exist tor-block 93.95.100.164
    add -exist tor-block 82.247.198.227
    add -exist tor-block 45.62.246.91
    add -exist tor-block 46.166.148.155
    add -exist tor-block 185.100.84.108
    add -exist tor-block 72.14.179.10
    add -exist tor-block 213.252.244.105
    add -exist tor-block 31.24.148.37
    add -exist tor-block 185.61.149.193
    add -exist tor-block 80.67.172.162
    add -exist tor-block 77.81.104.124
    add -exist tor-block 195.154.91.194
    add -exist tor-block 46.101.169.151
    add -exist tor-block 67.205.146.164
    add -exist tor-block 80.220.159.60
    add -exist tor-block 176.10.99.202
    add -exist tor-block 89.227.39.122
    add -exist tor-block 91.232.225.43
    add -exist tor-block 62.205.133.251
    add -exist tor-block 176.123.26.92
    add -exist tor-block 95.73.104.181
    add -exist tor-block 188.214.129.85
    add -exist tor-block 87.118.116.12
    add -exist tor-block 213.32.55.247
    add -exist tor-block 95.85.10.71
    add -exist tor-block 103.27.126.90
    add -exist tor-block 185.100.87.82
    add -exist tor-block 92.222.78.79
    add -exist tor-block 217.13.197.5
    add -exist tor-block 185.100.85.61
    add -exist tor-block 92.222.28.243
    add -exist tor-block 89.32.127.178
    add -exist tor-block 91.213.8.236
    add -exist tor-block 41.208.213.46
    add -exist tor-block 46.235.227.70
    add -exist tor-block 192.241.160.32
    add -exist tor-block 91.220.220.5
    add -exist tor-block 204.194.29.4
    add -exist tor-block 88.80.7.5
    add -exist tor-block 172.111.204.41
    add -exist tor-block 109.126.9.228
    add -exist tor-block 198.211.122.191
    add -exist tor-block 89.187.143.81
    add -exist tor-block 89.221.210.122
    add -exist tor-block 96.35.130.133
    add -exist tor-block 74.50.54.69
    add -exist tor-block 64.137.208.3
    add -exist tor-block 103.56.207.84
    add -exist tor-block 195.12.190.38
    add -exist tor-block 89.34.237.121
    add -exist tor-block 146.0.79.144
    add -exist tor-block 185.86.149.24
    add -exist tor-block 212.21.66.6
    add -exist tor-block 79.169.34.95
    add -exist tor-block 65.129.196.25
    add -exist tor-block 92.111.156.14
    add -exist tor-block 31.31.100.153
    add -exist tor-block 212.83.40.238
    add -exist tor-block 59.179.17.195
    add -exist tor-block 216.243.49.50
    add -exist tor-block 178.20.55.16
    add -exist tor-block 146.0.43.126
    add -exist tor-block 213.151.89.4
    add -exist tor-block 193.107.85.62
    add -exist tor-block 185.100.86.244
    add -exist tor-block 104.197.148.217
    add -exist tor-block 107.181.174.84
    add -exist tor-block 74.142.74.156
    add -exist tor-block 84.3.0.53
    add -exist tor-block 46.182.106.190
    add -exist tor-block 128.153.146.125
    add -exist tor-block 37.59.112.7
    add -exist tor-block 178.17.171.43
    add -exist tor-block 5.146.144.232
    add -exist tor-block 88.198.125.96
    add -exist tor-block 165.90.188.168
    add -exist tor-block 94.232.174.66
    add -exist tor-block 37.233.99.157
    add -exist tor-block 192.155.95.222
    add -exist tor-block 51.255.202.66
    add -exist tor-block 162.243.166.137
    add -exist tor-block 195.62.53.58
    add -exist tor-block 64.137.212.84
    add -exist tor-block 89.94.1.179
    add -exist tor-block 141.255.189.161
    add -exist tor-block 13.69.10.96
    add -exist tor-block 70.119.15.155
    add -exist tor-block 91.138.23.206
    add -exist tor-block 31.31.74.47
    add -exist tor-block 89.76.82.235
    add -exist tor-block 185.25.51.42
    add -exist tor-block 193.90.12.87
    add -exist tor-block 78.41.115.145
    add -exist tor-block 176.10.99.201
    add -exist tor-block 46.4.55.177
    add -exist tor-block 103.236.201.110
    add -exist tor-block 189.84.21.44
    add -exist tor-block 216.230.148.77
    add -exist tor-block 178.18.83.215
    add -exist tor-block 193.169.135.154
    add -exist tor-block 171.25.193.20


    and


    [root@gateway ~]# ipset list tor-block
    Name: tor-block
    Type: hash:net
    Revision: 3
    Header: family inet hashsize 1024 maxelem 65536
    Size in memory: 37424
    References: 8
    Members:
  • Accepted Answer

    Monday, February 13 2017, 07:03 PM - #Permalink
    Resolved
    0 votes
    That all looks reasonable at first glance. You have too many firewall rules but it does not matter. The last two you posted separately more than cover the OUTPUT and FORWARD rules in 20-ipset_blocks and also remove the need for the IPSET_BLK chain, but I suspect they are only there for testing.

    One thing which is missing from /etc/cron.hourly/tor is any error checking on the download file. Really we should test for the download failing and not proceed with the rest of the script. You may want to have a look in /usr/src/ipset_tor-block.save to make sure it is not empty. You can test for IPs in the tor-block set with "ipset test tor-block IP_to_be_tested". It may be worth running the cron job manually to see if it gives any errors.
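    The download check suggested above, as an added example written for this thread (it is not the poster's cron script or ClearOS code): the same fetch, build, swap and save flow, but the live set is only replaced when wget succeeded and the file parsed to a sane number of addresses, so a failed fetch can never empty tor-block. The paths and set names are the thread's; the minimum-entry threshold, the helper names and the sample exit-addresses file are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not the original /etc/cron.hourly/tor: refresh the tor-block
# ipset only from a download that succeeded and parsed sanely.
set -u

EXIT_LIST_URL="https://check.torproject.org/exit-addresses"
WORK_FILE="/usr/src/torexitnodes"             # path used in the thread
SAVE_FILE="/usr/src/ipset_tor-block.save"     # path used in the thread
MIN_ENTRIES=100   # assumption: a genuine exit list has far more than this

# Print one validated, de-duplicated IPv4 address per "ExitAddress" line.
# Malformed entries (bad octets, junk) are dropped instead of being fed to ipset.
extract_exit_ips() {
    awk '$1 == "ExitAddress" { print $2 }' "$1" \
      | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
      | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
      | sort -u
}

# Return 0 only if the file exists, is non-empty and yields at least MIN_ENTRIES
# addresses (second argument overrides the threshold). Anything else means
# "do not touch the live set".
validate_exit_list() {
    local file="$1" min="${2:-$MIN_ENTRIES}" count
    [ -s "$file" ] || return 1
    count=$(extract_exit_ips "$file" | awk 'END { print NR }')
    [ "$count" -ge "$min" ]
}

# Emit an "ipset restore" script that builds the given set from the file.
# One restore run is much faster than one "ipset add" per address.
render_restore_script() {
    local file="$1" setname="$2"
    echo "create $setname hash:net family inet hashsize 1024 maxelem 65536"
    extract_exit_ips "$file" | sed "s/^/add $setname /"
}

# Download into a temp file; it replaces WORK_FILE only when wget returned 0
# and the content validated, so the previous good copy survives a bad fetch.
fetch_exit_list() {
    local tmp
    tmp=$(mktemp "${WORK_FILE}.XXXXXX") || return 1
    if wget -q -O "$tmp" "$EXIT_LIST_URL" && validate_exit_list "$tmp"; then
        mv -f "$tmp" "$WORK_FILE"
    else
        rm -f "$tmp"
        echo "tor-block: download failed or list too short, keeping old set" >&2
        return 1
    fi
}

# Full refresh: fetch, build temp set, swap atomically, persist with -exist
# (the thread's save-file form). Needs root and ip_set; only run on "run".
refresh_tor_set() {
    fetch_exit_list || return 1
    ipset create tor-block hash:net -exist
    ipset destroy -q tor-block-temp
    render_restore_script "$WORK_FILE" tor-block-temp | ipset restore || return 1
    ipset swap tor-block tor-block-temp
    ipset destroy -q tor-block-temp
    ipset save tor-block \
      | sed -e 's/^create /create -exist /' -e 's/^add /add -exist /' > "$SAVE_FILE"
}

# Constructed sample in the exit-addresses format (fingerprints are placeholders):
# one duplicate address and one impossible address to exercise the filtering.
write_sample_exit_list() {
    cat > "$1" <<'EOF'
ExitNode 0000000000000000000000000000000000000001
Published 2017-02-13 12:00:00
LastStatus 2017-02-13 13:00:00
ExitAddress 164.132.51.91 2017-02-13 12:30:00
ExitNode 0000000000000000000000000000000000000002
Published 2017-02-13 12:05:00
LastStatus 2017-02-13 13:00:00
ExitAddress 46.165.230.5 2017-02-13 12:35:00
ExitAddress 46.165.230.5 2017-02-13 12:40:00
ExitNode 0000000000000000000000000000000000000003
Published 2017-02-13 12:10:00
LastStatus 2017-02-13 13:00:00
ExitAddress 999.1.1.1 2017-02-13 12:45:00
ExitAddress 5.79.86.15 2017-02-13 12:50:00
EOF
}

if [ "${1:-}" = "run" ]; then
    refresh_tor_set
fi
```

    Run it as the hourly job with the "run" argument; without it the script only defines the functions, which is what lets the sample file be checked offline.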
  • Accepted Answer

    Monday, February 13 2017, 05:41 PM - #Permalink
    Resolved
    0 votes
    ok, here we go: (thanks in advance!)


    my file in /etc/cron.hourly/tor (permissions 755 owner root)

    #!/bin/bash

    # Fetch the current Tor exit-node list (the download result is not checked)
    wget -q -O /usr/src/torexitnodes https://check.torproject.org/exit-addresses


    # Build into a temp set so the live tor-block set is replaced in one swap
    ipset destroy -q tor-block-temp
    ipset -N tor-block-temp nethash -exist
    ipset -N tor-block nethash -exist

    for IP in `cat /usr/src/torexitnodes | grep ExitAddress | cut -d ' ' -f 2`; do
        CLEANIP=$(echo "$IP" | egrep -o '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}(/[[:digit:]]{1,2})?')
        # $CLEANIP must be quoted: with an empty unquoted value "[ -n ]" is always true
        if [ -n "$CLEANIP" ]; then
            ipset -A -exist tor-block-temp "$CLEANIP"
        fi
    done

    # swap sets
    ipset swap tor-block tor-block-temp

    # ensure that temp sets do not exist
    ipset destroy -q "tor-block-temp"

    # save with -exist on every command so rc.local can restore over an
    # existing set (patterns anchored to line start so only commands change)
    ipset save tor-block > /usr/src/ipset_tor-block.save
    sed -i 's/^create /create -exist /' /usr/src/ipset_tor-block.save
    sed -i 's/^add /add -exist /' /usr/src/ipset_tor-block.save



    my /etc/sysconfig/modules/ip_set.modules (permissions 755 owner root)


    #!/bin/bash

    # Added by njh - see https://www.clearos.com/clearfoundation/social/community/what-is-the-best-way-to-load-the-ip_set-module#reply-136071
    modprobe ip_set



    my /etc/clearos/firewall.d/20-ipset_blocks (permissions 755 owner root)


    if [ "`lsmod | grep ip_set`" = "" ]; then
    modprobe ip_set
    fi

    $IPTABLES -N IPSET_BLK > /dev/null 2>&1

    # ensure that ipsets exist
    ipset create tor-block nethash -exist


    $IPTABLES -I INPUT -p tcp ! --dport 25 -j IPSET_BLK
    $IPTABLES -I INPUT -p udp -m multiport ! --dports 1194,51413 -j IPSET_BLK
    $IPTABLES -I FORWARD -j IPSET_BLK
    $IPTABLES -I OUTPUT -p tcp -m multiport ! --dports 25,53 -j IPSET_BLK
    $IPTABLES -I OUTPUT -p udp ! --dport 53 -j IPSET_BLK


    $IPTABLES -I IPSET_BLK -m set --match-set tor-block src -j DROP
    $IPTABLES -I IPSET_BLK -m set --match-set tor-block dst -j DROP



    my /etc/rc.d/rc.local


    #!/bin/bash
    # THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
    #
    # It is highly advisable to create own systemd services or udev rules
    # to run scripts during boot instead of using this file.
    #
    # In contrast to previous versions due to parallel execution during boot
    # this script will NOT be run after all other services.
    #
    # Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
    # that this script will be executed during boot.

    #touch /var/lock/subsys/local
    # Load in all previously saved ipset sets
    if [ "`lsmod | grep ip_set`" = "" ]; then
    modprobe ip_set
    fi

    for file in /usr/src/ipset_*.save ; do
    ipset restore < $file
    done



    my firewall rules:


    iptables -I OUTPUT -m set --match-set tor-block dst -j DROP
    iptables -I FORWARD -m set --match-set tor-block dst -j DROP



    my output to iptables -nvL
    [root@gateway firewall.d]# iptables -nvL
    Chain INPUT (policy DROP 78 packets, 15575 bytes)
    pkts bytes target prot opt in out source destination
    25888 3312K IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports !1194,51413
    3474K 3139M IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:!25
    11 836 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
    0 0 DROP tcp -- ens6 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    93 3744 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    27 10578 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- enp3s0 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- enp3s0 * 169.254.0.0/16 0.0.0.0/0
    1642K 1581M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    678K 58M ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    26995 2395K ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    34797 3076K ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    758 76952 ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0
    20 580 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:2332
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:81
    2833 775K ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    1133K 1515M ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    79170 59M IPSET_BLK all -- * * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block dst
    78235 59M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    472 34959 ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    10 400 ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    467 98268 ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    4291 1040K IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:!53
    3602K 3137M IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports !25,53
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block dst
    1642K 1581M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    1159K 1383M ACCEPT all -- * ens1 0.0.0.0/0 0.0.0.0/0
    23730 53M ACCEPT all -- * ens2 0.0.0.0/0 0.0.0.0/0
    41451 71M ACCEPT all -- * ens3 0.0.0.0/0 0.0.0.0/0
    688 284K ACCEPT all -- * ens6 0.0.0.0/0 0.0.0.0/0
    130 40316 ACCEPT icmp -- * enp3s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:2332
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:81
    768K 69M ACCEPT all -- * enp3s0 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain IPSET_BLK (5 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block src
  • Accepted Answer

    Monday, February 13 2017, 03:23 PM
    Please post the three scripts and check they all have execute permissions. Also post the output to "iptables -nvL". Put all output between code tags or I won't look at them.
  • Accepted Answer

    Monday, February 13 2017, 02:03 PM
    Reviewing my scripts, something is messed up. It works for a day or two, but not now.
  • Accepted Answer

    Thursday, February 09 2017, 02:36 PM
    That would surprise me, but I don't have the setup to check. If you're blocking the OUTPUT chain to TOR exit nodes then you should still be able to block via the proxy.

    Have you tried reworking the scripts and simplifying the firewall rules?

    For testing, you should be able to get away with just two rules and no IPSET_BLK chain:
    iptables -I OUTPUT -m set --match-set tor-block dst -j DROP
    iptables -I FORWARD -m set --match-set tor-block dst -j DROP
    If you are concerned about sending or receiving e-mails via TOR exit nodes, then you will need more rules to allow e-mails, say by adding:
    iptables -I OUTPUT -p tcp --dport 25 -m set --match-set tor-block dst -j ACCEPT
    iptables -I OUTPUT -p tcp --sport 25 -m set --match-set tor-block src -j ACCEPT
    and perhaps something similar for the FORWARD chain if you don't use ClearOS to relay your mail. Rule ordering becomes important and the ACCEPT rules must be placed further down the file than the DROP rules to appear first in the iptables listing.
  • Accepted Answer

    Thursday, February 09 2017, 02:14 PM
    The firewall cannot block Tor Browser; it seems like the proxy has a part in this.
    Using transparent+noauth (no proxy at all) works; using non-transparent, it is impossible to block.
  • Accepted Answer

    Wednesday, February 08 2017, 02:19 PM
    Some of the solution is in my previous post and it is because my scripts are inconsistent because they are a mix and match of scripts and I was simplifying them at the time as well. Firstly go into every script (cron, firewall, rc.local) and change every occurrence of iphash to nethash. Also remove any reference to "--hashsize 26244" or any other hashsize.

    Next, temporarily hide your file /etc/clearos/firewall.d/20-ipset_blocks by putting a "." in front of the filename. Then restart your firewall. This should remove all references to the tor-block set (I don't think just removing the two firewall rules on their own works - a full firewall restart is needed).

    Then delete the ipsets:
    ipset destroy tor-block
    ipset destroy tor-block-temp

    Then re-run your cron job, and finally unhide the firewall file and restart the firewall.
  • Accepted Answer

    Wednesday, February 08 2017, 01:49 PM
    I think I got something here:
    Fresh COS 7 install/update on a different server; everything seemed to go smoothly until I ran the cron job:
    [root@gateway cron.daily]# ./tor
    ipset v6.19: Set cannot be created: set with the same name already exists
    ipset v6.19: The sets cannot be swapped: they type does not match
  • Accepted Answer

    Tuesday, February 07 2017, 09:55 PM
    Because I've pulled my script from different bits there is an inconsistency in the set types used in different parts of the scripts. It is relatively hard to start afresh, so can you do an "ipset list tor-block -terse"? What you are looking for is the type. Whatever it is you want to make it the same in all the scriptlets - either nethash or iphash, but use whatever the set is currently. I am wondering if nethash is not working with individual IPs. It should, and I can possibly test tomorrow.

    Can you run each script manually in a terminal and see if there are any errors?

    Did you set up any logging?

    Did you simplify your firewall rules?
  • Accepted Answer

    Tuesday, February 07 2017, 08:29 PM
    At this point, I am lost.
    I can see that my firewall is not blocking anything at all.

    All the IPs in the ipset are correct. It is just not working. :(
  • Accepted Answer

    Tuesday, February 07 2017, 10:11 AM
    You could try adding a couple of rules:
    iptables -I IPSET_BLK -j LOG --log-prefix "Requested"
    iptables -A IPSET_BLK -j LOG --log-prefix "Allowed"
    This should set up logging of everything into the IPSET_BLK into /var/log/messages with a prefix of "Requested". Anything which does not get blocked will also get logged with a prefix of "Allowed". A diff of the two should show you what is being blocked.
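    Added example, not part of Nick's reply or of ClearOS: a shell function that does the "diff of the two" from the log. It assumes the two LOG rules above are in place and the kernel's standard netfilter LOG field layout; the log lines inside the block are constructed samples.

```shell
#!/bin/bash
# Added example: summarise what the "Requested"/"Allowed" LOG rules show.
# Every packet entering IPSET_BLK is logged with prefix "Requested"; only
# packets that survive the DROP rules reach the trailing "Allowed" rule, so
# for each (src, dst, proto, dport) tuple the dropped count is
# requested - allowed. Assumes the standard netfilter LOG line layout.

# Reads syslog lines on stdin, prints one line per tuple that lost packets.
# Usage: blocked_summary < /var/log/messages
blocked_summary() {
    awk '
    /kernel:/ && (/Requested/ || /Allowed/) {
        src = dst = proto = dpt = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^DST=/)   dst   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        key = src " " dst " " proto " " dpt
        if (/Requested/) requested[key]++
        else             allowed[key]++
    }
    END {
        for (key in requested) {
            dropped = requested[key] - allowed[key]
            if (dropped > 0) printf "%s dropped=%d\n", key, dropped
        }
    }' | sort
}

# Constructed sample log: two SYNs from a LAN host to an address in the
# tor-block set (dropped, so they never reach "Allowed") and one UDP DNS
# query to an address that is not in the set (logged by both rules).
sample_log() {
    cat <<'EOF'
Feb  7 10:15:01 gateway kernel: RequestedIN=ens1 OUT=enp3s0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  7 10:15:02 gateway kernel: RequestedIN=ens1 OUT=enp3s0 SRC=192.168.1.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Feb  7 10:15:03 gateway kernel: RequestedIN=ens1 OUT=enp3s0 SRC=192.168.1.10 DST=203.0.113.9 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=3 PROTO=UDP SPT=40001 DPT=53 LEN=51
Feb  7 10:15:03 gateway kernel: AllowedIN=ens1 OUT=enp3s0 SRC=192.168.1.10 DST=203.0.113.9 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=3 PROTO=UDP SPT=40001 DPT=53 LEN=51
EOF
}

# Prints: 192.168.1.10 198.51.100.7 TCP 443 dropped=2
sample_log | blocked_summary
```

    A tuple that shows up with the same count under both prefixes is passing the set untouched, which is the quickest way to confirm that the IPs in the set are not the ones the traffic is going to.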
  • Accepted Answer

    Monday, February 06 2017, 10:05 PM
    I've edited your post to put the output between code tags. I trust you'll find it much easier to read like that.

    In your firewall rules, for the moment please try removing the "-m state --state NEW", or just add new ones. If that does not work, also remove the "-p tcp/udp" and the "-m multiport ! dports ....." bits.
  • Accepted Answer

    Monday, February 06 2017, 09:34 PM
    Be my guest.

    [root@gateway ~]# iptables -nvL
    Chain INPUT (policy DROP 39 packets, 8100 bytes)
    pkts bytes target prot opt in out source destination
    42566 4338K IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports !1194,51413
    23726 1266K IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:!25
    12 912 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
    0 0 DROP tcp -- ens6 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    77 3080 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    31 7713 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- enp3s0 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- enp3s0 * 169.254.0.0/16 0.0.0.0/0
    2775K 2467M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    2154K 2025M ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    22831 2108K ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    36057 3420K ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    10 2978 ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0
    12 348 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:2332
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:81
    1460 401K ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    366K 473M ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    18311 1531K IPSET_BLK all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    122K 31M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    18664 1561K ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    20 1600 ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    1 76 ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    84 6550 ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    17 3453 IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:!53
    5719 349K IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports !25,53
    2775K 2467M ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    2421K 2309M ACCEPT all -- * ens1 0.0.0.0/0 0.0.0.0/0
    21681 36M ACCEPT all -- * ens2 0.0.0.0/0 0.0.0.0/0
    42608 85M ACCEPT all -- * ens3 0.0.0.0/0 0.0.0.0/0
    1 76 ACCEPT all -- * ens6 0.0.0.0/0 0.0.0.0/0
    120 33238 ACCEPT icmp -- * enp3s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:2332
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:81
    262K 28M ACCEPT all -- * enp3s0 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain IPSET_BLK (5 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set tor-block src
  • Accepted Answer

    Monday, February 06 2017, 09:30 PM
    Can you list your firewall again, please?
  • Accepted Answer

    Monday, February 06 2017, 09:12 PM
    Thank you Nick. I really appreciate your effort to help me throw away my Fortinet, but
    I have to tell you, the IPs that appear in Tor Browser are in the ipset. :(
    It is just not blocking them.
  • Accepted Answer

    Monday, February 06 2017, 08:43 PM
    I am at a loss and I don't use tor.

    Have you checked the ipset list for its contents? Either have a look at /usr/src/ipset_tor-block.save or use the command "ipset --list tor-block". If the list seems to be OK then it should be down to the quality of the list of TOR exit nodes. I used one from Emerging Threats, but the list you found is larger. Are either comprehensive?

    When someone is using the TOR browser, can you see which IPs it is using and check if they occur in your ipset set?

    You could also try making the iptables rules more generic, just blocking IPs rather than IPs, protocols and ports.
  • Accepted Answer

    Monday, February 06 2017, 08:25 PM
    Thanks! Now my /etc/clearos/firewall.d/20-ipset_blocks looks like this (btw, the freaking Tor is working after reload, even after rebooting the server):

    if [ "`lsmod | grep ip_set`" = "" ]; then
        modprobe ip_set
    fi

    $IPTABLES -N IPSET_BLK > /dev/null 2>&1

    # ensure that ipsets exist
    ipset create tor-block iphash --hashsize 26244 -exist


    $IPTABLES -I INPUT -m state --state NEW -p tcp ! --dport 25 -j IPSET_BLK
    $IPTABLES -I INPUT -m state --state NEW -p udp -m multiport ! --dports 1194,51413 -j IPSET_BLK
    $IPTABLES -I FORWARD -m state --state NEW -j IPSET_BLK
    $IPTABLES -I OUTPUT -m state --state NEW -p tcp -m multiport ! --dports 25,53 -j IPSET_BLK
    $IPTABLES -I OUTPUT -m state --state NEW -p udp ! --dport 53 -j IPSET_BLK


    $IPTABLES -I IPSET_BLK -m set --match-set tor-block src -j DROP
    $IPTABLES -I IPSET_BLK -m set --match-set tor-block dst -j DROP
  • Accepted Answer

    Monday, February 06 2017, 04:53 PM
    I did try to mention it in the other thread but the ipset names are mixed up. The script which creates the ipset set creates a set called tor-block. Your firewall rules refer to a set called "blocklist". If you add rules pointing to "tor-block" in your IPSET_BLK chain you should be good to go.

    Note your rules are only blocking new connections and not established ones.

    Also it is much more forum friendly to list your iptables rules with:
    iptables -nvL
    and put the results between code tags. "iptables -S" is not so easy to read.
  • Accepted Answer

    Monday, February 06 2017, 04:32 PM
    And finally:

    [root@gateway temp]# iptables -nvL
    Chain INPUT (policy DROP 199 packets, 46793 bytes)
    pkts bytes target prot opt in out source destination
    85549 7876K IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports !1194,51413
    329K 17M IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:!25
    29 2204 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:123 state RELATED,ESTABLISHED
    0 0 DROP tcp -- ens6 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens2 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    0 0 DROP tcp -- ens1 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3128
    1826 75662 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
    0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x12/0x12 state NEW reject-with tcp-reset
    293 46632 DROP tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
    0 0 DROP all -- enp3s0 * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- enp3s0 * 169.254.0.0/16 0.0.0.0/0
    29M 33G ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    32M 31G ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    103K 14M ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    11462 1567K ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    1349 125K ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0
    71 2185 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 0
    12 960 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 3
    3 168 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 8
    0 0 ACCEPT icmp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 icmptype 11
    0 0 ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp spt:67 dpt:68
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:2332
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 10.10.10.30 tcp dpt:81
    10199 2931K ACCEPT udp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 udp dpts:1024:65535 state RELATED,ESTABLISHED
    2805K 3759M ACCEPT tcp -- enp3s0 * 0.0.0.0/0 0.0.0.0/0 tcp dpts:1024:65535 state RELATED,ESTABLISHED

    Chain FORWARD (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    47618 4033K IPSET_BLK all -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
    565K 296M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- pptp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- tun+ * 0.0.0.0/0 0.0.0.0/0
    46540 3883K ACCEPT all -- ens1 * 0.0.0.0/0 0.0.0.0/0
    315 24600 ACCEPT all -- ens2 * 0.0.0.0/0 0.0.0.0/0
    105 5448 ACCEPT all -- ens3 * 0.0.0.0/0 0.0.0.0/0
    679 121K ACCEPT all -- ens6 * 0.0.0.0/0 0.0.0.0/0

    Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts bytes target prot opt in out source destination
    254 87741 IPSET_BLK udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:!53
    79464 4794K IPSET_BLK tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW multiport dports !25,53
    29M 33G ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * pptp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * tun+ 0.0.0.0/0 0.0.0.0/0
    35M 33G ACCEPT all -- * ens1 0.0.0.0/0 0.0.0.0/0
    87969 118M ACCEPT all -- * ens2 0.0.0.0/0 0.0.0.0/0
    12162 8830K ACCEPT all -- * ens3 0.0.0.0/0 0.0.0.0/0
    801 294K ACCEPT all -- * ens6 0.0.0.0/0 0.0.0.0/0
    431 124K ACCEPT icmp -- * enp3s0 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 0.0.0.0/0 0.0.0.0/0 tcp spt:68 dpt:67
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:2332
    0 0 ACCEPT tcp -- * enp3s0 10.10.10.30 0.0.0.0/0 tcp spt:81
    1845K 157M ACCEPT all -- * enp3s0 0.0.0.0/0 0.0.0.0/0

    Chain DROP-lan (0 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0

    Chain IPSET_BLK (5 references)
    pkts bytes target prot opt in out source destination
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blocklist dst
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 match-set blocklist src
  • Accepted Answer

    Monday, February 06 2017, 03:40 PM
    my /etc/cron.daily

    #!/bin/bash

    wget -q -O /usr/src/torexitnodes https://check.torproject.org/exit-addresses


    ipset destroy -q tor-block-temp
    ipset -N tor-block-temp nethash -exist
    ipset -N tor-block nethash -exist

    for IP in `cat /usr/src/torexitnodes | grep ExitAddress | cut -d ' ' -f 2`; do
        CLEANIP=$(echo "$IP" | egrep -o '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}(/[[:digit:]]{1,2})?')
        # the operand must be quoted: an unquoted empty $CLEANIP turns this into [ -n ], which is always true
        if [ -n "$CLEANIP" ]; then
            ipset -A -exist tor-block-temp "$CLEANIP"
        fi
    done

    # swap sets
    ipset swap tor-block tor-block-temp

    # ensure that temp sets do not exist
    ipset destroy -q "tor-block-temp"

    ipset save tor-block > /usr/src/ipset_tor-block.save
    sed -i 's/create/create -exist/g' /usr/src/ipset_tor-block.save
    sed -i 's/add/add -exist/g' /usr/src/ipset_tor-block.save
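    Added example, not the thread's cron script and not ClearOS code: the same build-and-swap procedure done as one batched ipset restore, with the set type pinned to hash:net throughout so the swap cannot hit the type mismatch Nick describes in his February 7 reply. The set name tor-block comes from the thread; the exit-addresses sample inside the block is constructed, and the --apply mode assumes root and a working ipset.

```shell
#!/bin/bash
# Added example (not the thread's cron script): rebuild the tor-block set
# from check.torproject.org/exit-addresses in ONE batched "ipset restore"
# run, with the set type pinned to hash:net (ipset's name for "nethash") in
# every command, so "ipset swap" can never fail with "type does not match".
# Set name is from the thread; sample data below is constructed.

SET_NAME="tor-block"
SET_TYPE="hash:net"

# Pull the addresses out of exit-addresses text (stdin). Only
# "ExitAddress <ip> <date> <time>" lines carry an address, and anything
# that is not a dotted quad is discarded so a bad download cannot feed
# garbage into the set. Output is sorted and de-duplicated.
extract_exit_ips() {
    awk '$1 == "ExitAddress" { print $2 }' \
        | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        | sort -u
}

# Read the type of an existing set from "ipset list -t NAME" output
# (stdin), e.g. the line "Type: hash:net". Prints nothing if absent.
set_type_of() {
    awk -F': ' '$1 == "Type" { print $2 }'
}

# Turn exit-addresses text (stdin) into an "ipset restore" script: create
# both sets with the same type, fill the temp set, swap atomically, drop
# the temp set. Feed it to "ipset -exist restore" so that re-creating an
# existing set is not an error (what the sed "-exist" edits above do).
build_restore_stream() {
    local tmp="${SET_NAME}-temp"
    echo "create $SET_NAME $SET_TYPE"
    echo "create $tmp $SET_TYPE"
    echo "flush $tmp"
    extract_exit_ips | sed "s/^/add $tmp /"
    echo "swap $SET_NAME $tmp"
    echo "destroy $tmp"
}

# Refuse to run against a set of the wrong type: swap would fail, and a
# set referenced by firewall rules cannot be destroyed until those rules
# are gone (hide the scriptlet, restart the firewall, then destroy).
apply_tor_block() {
    local cur
    cur=$(ipset list -t "$SET_NAME" 2>/dev/null | set_type_of)
    if [ -n "$cur" ] && [ "$cur" != "$SET_TYPE" ]; then
        echo "$SET_NAME exists with type $cur, expected $SET_TYPE; destroy it first" >&2
        return 1
    fi
    wget -q -O - https://check.torproject.org/exit-addresses \
        | build_restore_stream \
        | ipset -exist restore \
        && ipset save "$SET_NAME" > "/usr/src/ipset_${SET_NAME}.save"
}

# Constructed sample of the exit-addresses format, including a duplicate
# address and a malformed line that must be ignored.
sample_exit_addresses() {
    cat <<'EOF'
ExitNode 0123456789ABCDEF0123456789ABCDEF01234567
Published 2017-02-06 10:00:00
LastStatus 2017-02-06 11:00:00
ExitAddress 198.51.100.7 2017-02-06 11:03:22
ExitAddress 203.0.113.9 2017-02-06 11:03:22
ExitAddress not.an.address 2017-02-06 11:03:22
ExitAddress 198.51.100.7 2017-02-05 11:03:22
EOF
}

# Dry run prints the restore script that would be fed to ipset;
# run with --apply as root to actually rebuild the set.
if [ "${1-}" = "--apply" ]; then
    apply_tor_block
else
    sample_exit_addresses | build_restore_stream
fi
```

    The saved file can then be loaded at boot with "ipset -exist restore" instead of editing "-exist" into every line with sed.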
  • Accepted Answer

    Monday, February 06 2017, 03:21 PM
    Thanks for the quick response!

    [root@gateway ~]# iptables -S
    -P INPUT DROP
    -P FORWARD DROP
    -P OUTPUT DROP
    -N DROP-lan
    -N IPSET_BLK
    -A INPUT -p udp -m state --state NEW -m multiport ! --dports 1194,51413 -j IPSET_BLK
    -A INPUT -p tcp -m state --state NEW -m tcp ! --dport 25 -j IPSET_BLK
    -A INPUT -p udp -m udp --dport 123 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i ens6 -p tcp -m tcp --dport 3128 -j DROP
    -A INPUT -i ens3 -p tcp -m tcp --dport 3128 -j DROP
    -A INPUT -i ens2 -p tcp -m tcp --dport 3128 -j DROP
    -A INPUT -i ens1 -p tcp -m tcp --dport 3128 -j DROP
    -A INPUT -m state --state INVALID -j DROP
    -A INPUT -p tcp -m tcp --tcp-flags SYN,ACK SYN,ACK -m state --state NEW -j REJECT --reject-with tcp-reset
    -A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m state --state NEW -j DROP
    -A INPUT -s 127.0.0.0/8 -i enp3s0 -j DROP
    -A INPUT -s 169.254.0.0/16 -i enp3s0 -j DROP
    -A INPUT -i lo -j ACCEPT
    -A INPUT -i pptp+ -j ACCEPT
    -A INPUT -i tun+ -j ACCEPT
    -A INPUT -i ens1 -j ACCEPT
    -A INPUT -i ens2 -j ACCEPT
    -A INPUT -i ens3 -j ACCEPT
    -A INPUT -i ens6 -j ACCEPT
    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 0 -j ACCEPT
    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 3 -j ACCEPT
    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 8 -j ACCEPT
    -A INPUT -i enp3s0 -p icmp -m icmp --icmp-type 11 -j ACCEPT
    -A INPUT -i enp3s0 -p udp -m udp --sport 67 --dport 68 -j ACCEPT
    -A INPUT -i enp3s0 -p tcp -m tcp --sport 67 --dport 68 -j ACCEPT
    -A INPUT -d 10.10.10.30/32 -p tcp -m tcp --dport 2332 -j ACCEPT
    -A INPUT -d 10.10.10.30/32 -p tcp -m tcp --dport 81 -j ACCEPT
    -A INPUT -i enp3s0 -p udp -m udp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A INPUT -i enp3s0 -p tcp -m tcp --dport 1024:65535 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -m state --state NEW -j IPSET_BLK
    -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A FORWARD -i pptp+ -j ACCEPT
    -A FORWARD -i tun+ -j ACCEPT
    -A FORWARD -i ens1 -j ACCEPT
    -A FORWARD -i ens2 -j ACCEPT
    -A FORWARD -i ens3 -j ACCEPT
    -A FORWARD -i ens6 -j ACCEPT
    -A OUTPUT -p udp -m state --state NEW -m udp ! --dport 53 -j IPSET_BLK
    -A OUTPUT -p tcp -m state --state NEW -m multiport ! --dports 25,53 -j IPSET_BLK
    -A OUTPUT -o lo -j ACCEPT
    -A OUTPUT -o pptp+ -j ACCEPT
    -A OUTPUT -o tun+ -j ACCEPT
    -A OUTPUT -o ens1 -j ACCEPT
    -A OUTPUT -o ens2 -j ACCEPT
    -A OUTPUT -o ens3 -j ACCEPT
    -A OUTPUT -o ens6 -j ACCEPT
    -A OUTPUT -o enp3s0 -p icmp -j ACCEPT
    -A OUTPUT -o enp3s0 -p udp -m udp --sport 68 --dport 67 -j ACCEPT
    -A OUTPUT -o enp3s0 -p tcp -m tcp --sport 68 --dport 67 -j ACCEPT
    -A OUTPUT -s 10.10.10.30/32 -o enp3s0 -p tcp -m tcp --sport 2332 -j ACCEPT
    -A OUTPUT -s 10.10.10.30/32 -o enp3s0 -p tcp -m tcp --sport 81 -j ACCEPT
    -A OUTPUT -o enp3s0 -j ACCEPT
    -A DROP-lan -j DROP
    -A IPSET_BLK -m set --match-set blocklist dst -j DROP
    -A IPSET_BLK -m set --match-set blocklist src -j DROP
  • Accepted Answer

    Monday, February 06 2017, 02:32 PM
    Yes. Implement the ipset script in that thread you linked to. If you have implemented the script(s), which firewall rules have you added to work on the ipset set?