IPv6 vs IPv4 exit policies
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I just activated IPv6 support for my two exit relays today, but I do not unterstand/misconfigured the exit policies. I just want to open certain ports at IPv4 (the common known reduced exit policy) and open all Ports at IPv6 except 25. How do I configure such a thing? Current sample config is: [snip] IPv6Exit 1 ExitPolicy accept6 *:* ExitPolicy reject6 *:25 [full reduced exitpolicies snipped out] ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:* But at Globe only this is visible: https://globe.torproject.org/#/relay/F5B1FC9038A5A65FF16D6729AAB2AEDD67F D2F2A https://globe.torproject.org/#/relay/D9D7A9C203C99945D0DCBD545A20C0CB936 7C742 Can someone help me out there? Cheers! spriver -----BEGIN PGP SIGNATURE----- iQIcBAEBCgAGBQJVyNfsAAoJEMkUf8VoejgPiEEP/jS0fkncI8EWdnNm6mWvOB2Z GybS2ZpzKMYzXTx277gp5AXsySBYsMjVDpxKLsWnfhejbKiv5SxgOYipnfROLoyd uTiqP+Ha+SB83DLM9/x9/OWOImT5qdEhKHVZVrW5UeQQJ9kZPO2R7eQ5w2aQfpVd wJ5nv8iSOuL79LPDVidNcAbFrqZ07R1DW/XUMXdlgdWjNd3ToJEBxussIQFMkQLH l6mQf8lF44Hau+udwiOvmKW6xjkMMPcg16jd/hHmimcQ1pgYV0sVS3XKxJifjKKQ VLIGa1oR1rV6rJEpE+F+6f+8HGJsoilda+eDMdgLzkD0Mi+/kHNbKEokyhAEqmxd fTyY5tt10ypXprYr75F6KEvBEP9h0qHY1NRt38YbLW2J4UCGDcW9ZB3xggFCa2iz 14twdT7qnyu8QuFUzox4DaxEyzeTeZXkKpjHsNABAPlGgenDhDkNldeuQnv4n3xc mBGhoobtDKRsi9aKg+9n1qgePOk7kJVUzEyi1Vwk8RdXwu8AyucejVoC7m7cgakW bFWGyNumezGlY2jMz+ARAEDJfG0LrgpEalJ06qZovUibLBCcOludI0Xdp7Y04vH0 PnWotybn7YZjOa69oJ7HGxiAHEoNgT4SeRM/NIvVWTOdgLPbE1Nr2o1drYpmMyjR aoSklTseBiKF+b1bex1L =Bo5q -----END PGP SIGNATURE-----
If I recall correctly: Policies with '*' for the address count as both ipv4 and v6 policies, it is possible to use 0.0.0.0 for v4 and [::] (I think) for v6-specfic policies. spriver:
Hi,
I just activated IPv6 support for my two exit relays today, but I do not unterstand/misconfigured the exit policies.
I just want to open certain ports at IPv4 (the common known reduced exit policy) and open all Ports at IPv6 except 25. How do I configure such a thing?
Current sample config is:
[snip] IPv6Exit 1 ExitPolicy accept6 *:* ExitPolicy reject6 *:25
[full reduced exitpolicies snipped out] ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:*
But at Globe only this is visible: https://globe.torproject.org/#/relay/F5B1FC9038A5A65FF16D6729AAB2AEDD67F D2F2A https://globe.torproject.org/#/relay/D9D7A9C203C99945D0DCBD545A20C0CB936 7C742
On 12 Aug 2015, at 08:53 , ncl@cock.li wrote:
If I recall correctly: Policies with '*' for the address count as both ipv4 and v6 policies, it is possible to use 0.0.0.0 for v4 and [::] (I think) for v6-specfic policies.
Or *4 and *6, respectively, which expand to 0.0.0.0 and [::]. So the lines could look like:
IPv6Exit 1
By the way, these two lines are in the wrong order if you intend to block 25 and permit everything else. They permit everything and then the next line is ignored.
ExitPolicy accept6 *6:* ExitPolicy reject6 *6:25
[full reduced exitpolicies snipped out] ExitPolicy accept *4:50002 # Electrum Bitcoin SSL ExitPolicy accept *4:64738 # Mumble ExitPolicy reject *4:*
spriver:
Hi,
I just activated IPv6 support for my two exit relays today, but I do not unterstand/misconfigured the exit policies.
I just want to open certain ports at IPv4 (the common known reduced exit policy) and open all Ports at IPv6 except 25. How do I configure such a thing?
Current sample config is:
[snip] IPv6Exit 1 ExitPolicy accept6 *:* ExitPolicy reject6 *:25
[full reduced exitpolicies snipped out] ExitPolicy accept *:50002 # Electrum Bitcoin SSL ExitPolicy accept *:64738 # Mumble ExitPolicy reject *:*
But at Globe only this is visible: https://globe.torproject.org/#/relay/F5B1FC9038A5A65FF16D6729AAB2AEDD67F D2F2A https://globe.torproject.org/#/relay/D9D7A9C203C99945D0DCBD545A20C0CB936 7C742
tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Tim Wilson-Brown (teor) teor2345 at gmail dot com pgp ABFED1AC https://gist.github.com/teor2345/d033b8ce0a99adbc89c5 teor at blah dot im OTR D5BE4EC2 255D7585 F3874930 DB130265 7C9EBBC7
participants (3)
-
ncl@cock.li -
spriver -
teor