How to block TOR Network with OpenBSD and PF

1 – Fetch the Tor master nodes (used by Tor clients to fetch the exit node list)

* Trick seen in Network Security Hacks – #hack 53

Download the Tor source and open the following file:

mybox@knights ~/tor-0.2.1.26 $ vi src/or/config.c

Look for the function below:

add_default_trusted_dir_authorities(authority_type_t type)
{
  int i;
  const char *dirservers[] = {

    "moria1 orport=9101 no-v2 "
      "v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 "
      "128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",

    "tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 "
      "86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",

    "dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 "
      "194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
    ….
    NULL
  };

So the Tor master nodes are: 128.31.0.39, 86.59.21.38, 194.109.206.212, …..

2 – Now we need a list of Tor exit nodes, which can be obtained in the following way:

Directly from the Tor website:

$ wget -q -O - --no-check-certificate "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP_ADDRESS" > index.html

Or use the URL below; there is no need to supply your IP address (I'm not sure how it works), but the exit nodes are the same as the ones on the Tor website.

$ wget -q --no-check-certificate https://213.160.111.20/torlist/
( https://www.dan.me.uk/torlist/ )

The list is updated every hour, so a good way would be to place the command in the crontab. We now have the Tor master nodes and the Tor exit nodes.

Let's enable the rules in OpenBSD/PF (pf.conf):

table <tormaster> { 128.31.0.39, 86.59.21.38, 194.109.206.212 }

* Remember that more Tor master nodes exist; I only listed some.

table <tornodes> persist file "/path/of/your/index.html"

the rules:

block in quick on $int_if to { <tormaster>, <tornodes> }
block in quick from { <tormaster>, <tornodes> }

* Don't forget to reload the rules every hour after fetching the new exit nodes.
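
The hourly fetch-and-reload step described above, as an added example (not the original author's script): it keeps only well-formed IPv4 addresses from the download, so an error page or an entry such as 0.0.0.0/0 cannot reach the block table, then reloads <tornodes> with pfctl. The script path in the crontab comment, the MIN_ENTRIES floor and the function names are assumptions; unlike the commands above, it leaves wget's certificate check enabled.

```shell
#!/bin/sh
# Added example: validate the downloaded exit list before loading it into pf.
# LIST_FILE is the file the <tornodes> table in pf.conf reads.
LIST_URL="https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=YOUR_IP_ADDRESS"
LIST_FILE="/path/of/your/index.html"
MIN_ENTRIES=100   # assumed sanity floor: refuse empty or near-empty downloads

# Read a list on stdin, print only single dotted-quad IPv4 addresses.
# Comments, HTML, hostnames, CIDR ranges and out-of-range octets are dropped.
filter_ipv4() {
    tr -d '\r' | awk -F. '
        NF == 4 && $0 ~ /^[0-9.]+$/ {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^(0|[1-9][0-9]*)$/ || $i + 0 > 255)
                    ok = 0
            if (ok)
                print
        }' | sort -u
}

# Download, validate, swap the file into place, then replace the table
# contents without reloading the whole ruleset.
refresh_tornodes() {
    tmp=$(mktemp "${LIST_FILE}.XXXXXX") || return 1
    wget -q -O - "$LIST_URL" | filter_ipv4 > "$tmp"
    count=$(awk 'END { print NR }' "$tmp")
    if [ "$count" -ge "$MIN_ENTRIES" ]; then
        mv "$tmp" "$LIST_FILE" &&
            pfctl -t tornodes -T replace -f "$LIST_FILE"
    else
        rm -f "$tmp"
        echo "tor list refresh failed ($count entries); keeping old table" >&2
        return 1
    fi
}

# Hypothetical root crontab entry:
#   0 * * * * /usr/local/sbin/tor-refresh.sh --apply
if [ "${1:-}" = "--apply" ]; then
    refresh_tornodes
fi
```

Run without `--apply`, the script only defines the functions, so the filter can be tried on a saved list with `. ./tor-refresh.sh; filter_ipv4 < index.html`.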

Happy Block