Help DirAuths rejecting certain relays based on their properties
There is an ongoing group of bad exit relays that are removed from the network by dir auths and added on the next day with new keys and IPs.
This a slow and manual process and puts tor users at risk.
Allow dirauths to reject relays based on their properties before they are included in consensuses and distributed to clients. The rejected relay should get an immediate feedback about their rejection when uploading the descriptor.
Properties can be:
- IPv4 / IPv6 address
- AS number
- AS name
- (partial) ContactInfo
- (partial) nickname
- exit policy
- OS
- tor version
- OR port
- Dir Port
- first seen date
This ticket is about providing a configuration possibility for dirauths to reject relays based on a set of properties IFF they would actually use such a feature.
Examples:
- reject new (fingerprint never seen before) relays added in AS 123 and exit policy ...
- reject new relays with nickname "abc" and contactinfo "123"
each rule should have an expiry time (i.e 10 days, 1 month, ..)
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information