| 4 Aug 2025 |
 hexa | yeah, I'm temporarily blocking tor exits | 18:53:12 |
| hexa | the requests stopped a minute after I sent the mail | 18:57:02 |
| hexa | also boo, we're still using iptables | 18:57:17 |
| 5 Aug 2025 |
 @emma:rory.gay | or youre using the nftables wrapper lol | 02:59:30 |
| hexa | the nixos default 🤷 | 03:00:29 |
| hexa | quite a bit of technical debt in there | 03:00:51 |
| @emma:rory.gay | yeah, thats the nftables wraper | 03:02:10 |
| @emma:rory.gay | iptables v1.8.11 (nf_tables) | 03:02:18 |
| @emma:rory.gay | glad that still exists because i have no clue how to manage nftables | 03:02:46 |
| hexa | systemd.services.nft-update-tor-exits = {
wantedBy = [ "nftables.service" ];
after = [ "nftables.service" ];
startAt = "hourly";
script = ''
curl -sSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?exit" | sed '/^#/d' | while read IP; do
nft add element inet filter torexits { $IP }
done
'';
path = with pkgs; [
curl
nftables
];
};
| 03:10:29 |
| hexa | set torexits {
type ipv4_addr;
flags dynamic, timeout;
timeout 6h;
}
| 03:11:00 |
| hexa | basically you can create a datatype, e.g. a set | 03:11:06 |
| hexa | and add to it, and have entries timeout automatically | 03:11:14 |
| hexa | and then match on that set | 03:11:31 |
| hexa | ip saddr @torexits counter drop
| 03:11:38 |
|  sinan changed their profile picture. | 03:58:54 |
