Obviously the Q-Feeds IP blacklist blocks IPs that belong to the Tor network, therefore a connection is not possible.
Only if you enable the obfs4/Snowflake/meek bridge you can connect again with the Tor Browser. Which is much slower than a normal connection.
Maybe an option "Don't block TOR IPs" would be possible in the options, although it's probably hard to differentiate those IPs from other ones.
Thank you very much for bringing this to our attention. We will investigate the options.
Kind Regards,
Stefan
@vpx23 have you considered using firewall based block lists only for inbound connections? It's what I do.
Another solution could be to add a whitelist rule with an alias with all the TOR nodes.
@Patrick M. Hausen I would feel less safe, if I get compromised e.g. by a RAT the outbound list could potentially block the connection to its C&C server.
@Q-Feeds thanks for the tip, I now added the full list from here https://www.dan.me.uk/tornodes as a firewall rule using an "URL Table (IPs)" alias as a whitelist.
Quote from: Patrick M. Hausen on January 31, 2026, 09:45:22 PM@vpx23 have you considered using firewall based block lists only for inbound connections? It's what I do.
Do you mean inbound on wan interface or also on internal interfaces?
On the first, could you explain the added value?
On the second, I also got many false positive and had to disable it.
Thanks
Quote from: FredFresh on March 19, 2026, 09:33:46 PMDo you mean inbound on wan interface or also on internal interfaces?
WAN only. That way Q-Feeds helps protect my publicly reachable services like e.g. my Nextcloud.
Correct, I always forget that many people hosts service externslly reachable.
I do not hosts anythying like that nor i use vpn frm the outside, at least for my casr i'd say there is no extra protection...or I am not considering something?