Block Tor IP Addresses with CSF Firewall
To block traffic from Tor using the CSF firewall, edit the blocklists file:

    vi /etc/csf/csf.blocklists
Add the following line to the end of the file:

    TOR|86400|0|https://www.dan.me.uk/torlist/
86400 = the Tor IP list is updated every 86400 seconds (12 hours). You can change this if required, but updating every 12 hours is fine for such a large list.
Now restart CSF and LFD:

    csf -r
    systemctl restart lfd
You can verify that the IPs were added to the firewall by running:

    iptables -L -n
You will see a DROP line for each Tor IP address.

    # iptables -L -n | grep DROP | wc -l
    5955
    #
You will be able to see the downloaded Tor IP list at:

    /var/lib/csf/csf.block.TOR
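Before restarting CSF it helps to sanity-check the new entry, and afterwards to count what was actually downloaded so it can be compared with the DROP count. The script below is an added example, not part of the original post or of CSF: the function names are made up here, the field rules follow the NAME|INTERVAL|MAX|URL comments at the top of csf.blocklists, the https-only check is this example's own stricter choice, and the sample data is constructed.

```shell
# Added example (not from the original page): offline checks for a
# csf.blocklists entry and for a downloaded list file.
LC_ALL=C; export LC_ALL   # make [A-Z] match ASCII uppercase only

# check_blocklist_entry 'NAME|INTERVAL|MAX|URL'
# Prints "ok" and returns 0, or prints the first problem and returns 1.
check_blocklist_entry() {
    case $1 in
        *'|'*'|'*'|'*'|'*) echo "too many fields"; return 1 ;;
        *'|'*'|'*'|'*) ;;
        *) echo "expected NAME|INTERVAL|MAX|URL"; return 1 ;;
    esac
    name=${1%%|*};        rest=${1#*|}
    interval=${rest%%|*}; rest=${rest#*|}
    max=${rest%%|*};      url=${rest#*|}
    case $name in
        ''|*[!A-Z0-9_]*) echo "NAME must be uppercase, no spaces"; return 1 ;;
    esac
    [ "${#name}" -le 25 ] || { echo "NAME longer than 25 characters"; return 1; }
    case $interval in
        ''|*[!0-9]*) echo "INTERVAL must be a number of seconds"; return 1 ;;
    esac
    [ "$interval" -ge 3600 ] || { echo "INTERVAL below 3600 seconds"; return 1; }
    case $max in
        ''|*[!0-9]*) echo "MAX must be a number (0 = all IPs)"; return 1 ;;
    esac
    case $url in
        https://?*) ;;
        http://?*) echo "URL is plain http; prefer https"; return 1 ;;
        *) echo "URL must start with https://"; return 1 ;;
    esac
    echo "ok"
}

# count_list_entries FILE: count lines that look like an IPv4/IPv6 address
# or CIDR range, skipping comments, blank lines and anything else.
count_list_entries() {
    grep -Ec -e '^[0-9]{1,3}(\.[0-9]{1,3}){3}(/[0-9]{1,2})?[[:space:]]*$' \
             -e '^[0-9A-Fa-f]*:[0-9A-Fa-f:]+(/[0-9]{1,3})?[[:space:]]*$' "$1" || true
}

# Constructed sample data (documentation address ranges, not real Tor exits).
sample=$(mktemp)
printf '%s\n' '# constructed sample' '192.0.2.10' '198.51.100.7' '' \
    '2001:db8::1' 'not-an-ip' > "$sample"
check_blocklist_entry 'TOR|86400|0|https://www.dan.me.uk/torlist/'   # ok
check_blocklist_entry 'tor|600|0|https://www.dan.me.uk/torlist/' || true
count_list_entries "$sample"                                          # 3
rm -f "$sample"
```

On a live server, run `count_list_entries /var/lib/csf/csf.block.TOR` and compare the result with the DROP count; note that `grep DROP` over the full `iptables -L -n` output also counts DROP rules that do not come from this list.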