The ET/BWMGR includes a "database" which contains known TOR IP addresses. Using the ET/BWMGR IP Map feature, these addresses can be mapped to a tag which can be used to manage TOR sites that access your network.
What is TOR
TOR stands for The Onion Router, which is an anonymous proxy designed specifically to hide the identity of the person using it. At the time of this writing, our TOR database has the IPs of 7073 "known" servers.
Where is the Database
The database is stored in /usr/local/etc/bwmgr/config/tor.json, which is a JSON representation of an IP-MAP structure.
How to load the TOR Database into the ET/BWMGR
The database can be loaded using the load_ipmap utility.
/usr/bwmgr/utils/load_ipmap /usr/local/etc/bwmgr/config/tor.json
If you want to load the DB at boot time, you should add the above line to your /etc/rc.local file. Because of it's bulkiness, we're not including it as a standard feature. If you want to use it you can add it.
How it Works
The internal tagging feature will indicate a tag of "tor" whenever traffic from an IP in the TOR Database is detected. So you could block all TOR traffic with a single rule.
If you have some sites or customers that don't want TOR blocked, you can easily create rules to allow for certain destinations.
