Welcome to the IPFire Wiki

This wiki is a community-maintained resource about everything there is to know about IPFire. Join us and help us improving it!

Looking for something?

Use the search and find answers to everything about IPFire. If you cannot find what you are looking for, join our community and talk to fellow IPFire users, developers and everybody else involved in the project.

IPFire Community

Examine countries with Tor relays

At the moment, not all Tor relays are included in the GeoIP group "A1 - Anonymous Proxies". Of course, major exit relays with a large amount of bandwidth are included, as well as commercial VPN proxies.

However, if you want to use Tor, you need to allow network traffic to all countries where Tor relays are. The same problem occurs the other way round: If you have a server (for example, in your local DMZ) with port forwarding rules defined in IPFire and you want to permit Tor traffic to the server, the "GeoIP block" might cause trouble.

The following script downloads the current Tor status file from this website and checks each country for Tor relays. If a country has no relays (at the moment), it will be included in the file tor-no-relais.txt.

This way, it is possible to filter network traffic with GeoIP groups without blocking Tor users. All countries not included in tor-no-relais.txt shouldn't be blocked as there are Tor relays. (If you want to know how many, please see the Tor globe for details.)

filename = examine_tor_countries.sh

#!/bin/bash

# this script extracts the current Tor status and enumerates countries where no active relais were found

# a list of countries we need to check...
clear;
echo "[Tor Relais Status] Initializing...";
countries="AD AE AF AG AI AL AM AO AP AQ AR AS AT AU AW AX AZ BA BB BD BE BF BG BH BI BJ BL BM BN BO BQ BR BS BT BW BY BZ CA CC CD CF CG CH CI CK CL CM CN CO CR CU CV CW CX CY CZ DE DJ DK DM DO DZ EC EE EG ER ES ET EU FI FJ FK FM FO FR GA GB GD GE GF GG GH GI GL GM GN GP GQ GR GS GT GU GW GY HK HN HR HT HU ID IE IL IM IN IO IQ IR IS IT JE JM JO JP KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LI LK LR LS LT LU LV LY MA MC MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NL NO NP NR NU NZ OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RU RW SA SB SC SD SE SG SH SI SJ SK SL SM SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM US UY UZ VA VC VE VG VI VN VU WF WS YE YT ZA ZM ZW"

# download current Tor status (may take a while...)
echo "[Tor Relais Status] Downloading Tor status file...";
wget --quiet https://torstatus.blutmagie.de/query_export.php/Tor_query_EXPORT.csv;

# process downloaded file...
echo "[Tor Relais Status] Analyzing file...";
cat Tor_query_EXPORT.csv | awk -F\, '{ print $2 }' > tor-countries.txt
rm -rf Tor_query_EXPORT.csv;

echo "[Tor Relais Status] Now processing...";

echo "[Tor Relais Status] No relais were found in:" >> tor-no-relais.txt;
# search for country codes...
for i in $countries; do
numberinc="`cat tor-countries.txt | grep $i | wc -l`";
  echo "[Tor Relais Status] Country $i : $numberinc";
# log countries where no relais were found...
  if [ "$numberinc" -eq "0" ];then
  echo "$i" >> tor-no-relais.txt
fi;
done;
#rm -rf tor-countries.txt;

How to handle this script

The script does not need root privileges (for security reasons, it is not recommended to run it as root, too). After having downloaded it to a certain directory, run:

chmod +x [filename of the script]
./[filename of the script]
Edit Page ‐ Yes, you can edit!

Older Revisions • August 27 at 12:03 am • Jon