Is remove-dual-or.sh still needed with v5.1? #75
-
|
Hello! I have remove-dual-or.sh running on a cron job, and I want to check if it still is needed to be run as of the refactoring in the v5.1 update. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment
-
|
Hi, The way the rules work, all relays and other clients get one connection no matter how many times they try. Dual-or relays get two. Having them in a block list is just a way of saving resources as the packets are immediately dropped without having to search through thousands of lines in the conntrack table each time they try. Even if you take them out of the ban list, they still can't make additional connections. However, if they got caught up in the block list let's say an hour ago and they haven't made additional tries and have no current connections, then removing them allows them to make a connection. Long story short, I just run the compare.sh from time to time manually and if it looks like there are a lot of them in the list, I just remove them. Otherwise I'll let them sit there. If you like to run a cron, a couple of times a day should be sufficient. |
Beta Was this translation helpful? Give feedback.
Hi,
It's a matter of preference. I personally don't run it for either dual-or or the regular relays.
The way the rules work, all relays and other clients get one connection no matter how many times they try. Dual-or relays get two. Having them in a block list is just a way of saving resources as the packets are immediately dropped without having to search through thousands of lines in the conntrack table each time they try.
Even if you take them out of the ban list, they still can't make additional connections. However, if they got caught up in the block list let's say an hour ago and they haven't made additional tries and have no current connections, then removing them allows them to mak…