On Thu, Aug 10, 2017 at 12:02:16AM +0000, isis agora lovecruft wrote:
If you send it to isis@torproject.org, I'll make a patch. The ticket for this is:
Felix, we usually ask operators of default bridges to configure these settings in torrc: AssumeReachable 1 BridgeRelay 1 ExtORPort auto
In addition, it is best if you use a firewall to block the bridge's regular ORPort (while leaving the obfs4 port unblocked). Blocking the bridge's ORPort is a hack to prevent the bridge from being included in BridgeDB, which eliminates a couple of ways a censor might discover and block the bridge: 1) by enumerating BridgeDB, and 2) by fingerprinting plain-Tor connections to the bridge's IP address (made by users who discovered the plain-Tor port through BridgeDB).