Block Tor Exit Nodes with IPTables
  1. Install ipset:
apt-get install ipset
  2. Create a new ipset:
ipset create tor iphash
  3. Read the Tor exit node list and add it to the ipset:
curl -sSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$(curl icanhazip.com)" | sed '/^#/d' | while read -r IP; do
  ipset -q -A tor "$IP"
done

Note: This should run as a daily cron job.

  4. Block the ipset with iptables:
iptables -A INPUT -m set --match-set tor src -j DROP

Source

@Alkanov Alkanov commented Apr 22, 2020

Here I send you this virtual beer 🍺 because this just saved my life

@MarcosT96 MarcosT96 commented Aug 4, 2020

In addition to this excellent tool, I want to leave a similar one that has more Tor IP addresses, which was also useful for me.

ipset create tor-nodes iphash

curl -sSL "https://www.dan.me.uk/torlist/?ip=$(curl icanhazip.com)" | sed '/^#/d' | while read -r IP; do
  ipset -q -A tor-nodes "$IP"
done

iptables -A INPUT -m set --match-set tor-nodes src -j DROP

@mtheophy mtheophy commented Nov 9, 2020

The list from dan.me.uk contains IPv4 and IPv6 addresses. To filter out v6 addresses you can use something like:

ipset create tor-nodes iphash

curl -sSL "https://www.dan.me.uk/torlist/?ip=$(curl icanhazip.com)" | sed -e '/^#/d' -e '/:/d' | while read -r IP; do
  ipset -q -A tor-nodes "$IP"
done
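
The gist's four steps and the IPv6 filtering from the last comment, combined into one cron-ready script. This is an added example, not code from the gist or its commenters: it validates every line as IPv4 before it reaches ipset, loads a scratch set, and swaps it in so addresses that have left the list are removed. `TMP_SET`, `MIN_ENTRIES` and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not the gist author's code: cron-safe refresh of the "tor" set.
set -eu

SET_NAME="tor"             # set name from the gist
TMP_SET="${SET_NAME}-new"  # scratch set name (assumption)
MIN_ENTRIES=100            # sanity floor for a usable download (assumption)
LIST_URL="https://check.torproject.org/cgi-bin/TorBulkExitList.py"  # from the gist

# Read a list on stdin and print `ipset restore` commands for the valid,
# de-duplicated IPv4 lines only; comments, IPv6 and HTML error pages are dropped.
build_restore() {
  echo "create $1 hash:ip"
  echo "flush $1"
  tr -d '\r' | awk -F. -v set="$1" '
    /^[0-9.]+$/ && NF == 4 {
      for (i = 1; i <= 4; i++)
        if (length($i) < 1 || length($i) > 3 || $i + 0 > 255) next
      if (!seen[$0]++) print "add", set, $0
    }'
}

# Download, validate, load a scratch set, then swap it in atomically: stale
# addresses are dropped and the live set is never empty mid-update.
refresh() {
  my_ip="$(curl -4 -fsS https://icanhazip.com)"
  list="$(curl -fsSL "${LIST_URL}?ip=${my_ip}")"
  restore="$(printf '%s\n' "$list" | build_restore "$TMP_SET")"
  count="$(printf '%s\n' "$restore" | grep -c '^add ' || true)"
  if [ "$count" -lt "$MIN_ENTRIES" ]; then
    echo "only $count valid entries, keeping the current set" >&2
    return 1
  fi
  ipset -exist create "$SET_NAME" hash:ip
  printf '%s\n' "$restore" | ipset -exist restore
  ipset swap "$TMP_SET" "$SET_NAME"
  ipset destroy "$TMP_SET"
  # Append the DROP rule only if it is not already present.
  iptables -C INPUT -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
    iptables -A INPUT -m set --match-set "$SET_NAME" src -j DROP
}

# --apply touches the firewall; anything else is a dry run on constructed input.
if [ "${1:-}" = "--apply" ]; then
  refresh
else
  printf '%s\n' '# constructed sample' 198.51.100.7 2001:db8::1 300.1.2.3 | build_restore "$TMP_SET"
fi
```

Run it as root with `--apply` from the daily cron job; without arguments it only prints the restore commands for the constructed sample.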
