dealing with NetscanOutLevel: abuse reports

This ticket is about egress network filtering to avoid server blocking by providers based on their abuse net scan solution. Those abuse reports were sent to me when I rebooted my bare metal server, which hosts 5 relays [1].

The idea is to limit the maximal number of new connections per time unit from the local machine to a remote network segment filled with Tor relays. The current implementation is in [2]. The attachments contain the output of

iptables -nvL OUTPUT > iptables.$(date +%s).log

made 7, 24 and 60 minutes after the 5 relays were restarted.

[1] https://metrics.torproject.org/rs.html#search/family:4FC26DC244109105AE131628BDB0C84F2D710941

[2] https://github.com/toralf/torutils/blob/main/ipv4-rules-egress.sh

Edited by toralf
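
One way to express the limit described in the ticket, as an added example that is not taken from the ticket or from the torutils script in [2]: an iptables hashlimit rule keyed on the destination network, plus a helper that reads the rule counters back from a saved `iptables -nvL OUTPUT` log. The rate, burst, mask, hashlimit name and the sample log are assumptions made for illustration; the script only prints the rule and does not change the firewall.

```shell
#!/bin/sh
# Added example. All values below are assumed; tune them per host.
RATE="30/minute"  # ceiling for new connections per destination network
BURST="30"        # initial allowance before the ceiling applies
MASK="24"         # destination prefix length that shares one bucket

# Print the egress rule (dry run). It counts outbound TCP SYNs per destination
# /MASK and answers the excess with a local RST, so those SYNs never leave the
# host and cannot add to a provider's scan counter.
egress_rule() {
  printf '%s\n' "iptables -A OUTPUT -p tcp --syn -m hashlimit \
--hashlimit-name egress-scan --hashlimit-mode dstip --hashlimit-dstmask $MASK \
--hashlimit-above $RATE --hashlimit-burst $BURST \
--hashlimit-htable-expire 60000 -j REJECT --reject-with tcp-reset"
}

# Sum the pkts column of all rules with target $1, reading `iptables -nvL`
# text on stdin. Without -x iptables rounds counters to K/M/G (multiples of
# 1000), so the suffix is expanded before adding.
target_pkts() {
  awk -v target="$1" '
    $3 == target {
      n = $1
      if      (n ~ /K$/) n = substr(n, 1, length(n) - 1) * 1000
      else if (n ~ /M$/) n = substr(n, 1, length(n) - 1) * 1000000
      else if (n ~ /G$/) n = substr(n, 1, length(n) - 1) * 1000000000
      sum += n
    }
    END { printf "%d\n", sum }'
}

# Constructed sample of a saved log, not one of the ticket's attachments.
SAMPLE='Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12K  720K REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: above 30/min burst 30 mode dstip
  48M   31G ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

egress_rule
printf 'rejected SYNs in sample: %s\n' "$(printf '%s\n' "$SAMPLE" | target_pkts REJECT)"
```

Running `target_pkts REJECT` over each of the saved logs shows how many connection attempts the limit suppressed between snapshots; saving the logs with `-x` avoids the rounding altogether.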