[tor-relays] Tor DDoS Mitigation iptables scripts updated to version 3.0.0

Background:

A set of bash scripts used to apply iptables rules to fight the current DDoS attacks. They require no dependencies to install except iptables/nftables, which all Linux flavors already have, and require no particular expertise. The issue was discussed here:

[issue 40093] https://gitlab.torproject.org/tpo/community/support/-/issues/40093

Update Notice:

The scripts have been updated to modify some rules and include a new rule. Also, a few additional scripts have been added to make monitoring and cleanup of the block list easier or automated.

If you are already using the scripts, please update them to the new rule set. Simply use one of the scripts in the update folder, depending on your current setup of Tor. It automatically updates your rules, keeps your current block list, and requires no reboot or restart of Tor, and there will be no downtime.

If you're not using the scripts, please take a look at them and, if you like, give them a try and provide feedback. All feedback is welcome and appreciated and will help fine-tune the rules to make them more effective.

Read more and download here:

https://github.com/Enkidu-6/tor-ddos

These rules have proven to let your system run at a steady RAM and CPU usage and stay green. Even if your system shows as overloaded on the relay search occasionally, the system will continue to run with no problem and will go back to green within two or three heartbeat reports.

Thank you.