- Install
ipset
:
apt-get install ipset
- Create new ipset:
ipset create tor iphash
- Read Tor Exit Node List and add to ipset:
curl -sSL "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=$(curl icanhazip.com)" | sed '/^#/d' | while read IP; do
ipset -q -A tor $IP
done
Note: This should run as daily cronjob.
- Block ipset with
iptables
:
iptables -A INPUT -m set --match-set tor src -j DROP
Here I send you this virtual beer 🍺 because this just saved my life