[tor-bugs] #16103 [Tor]: Clarification about reject6/accept6 torrc entries

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed Dec 9 00:21:06 UTC 2015


#16103: Clarification about reject6/accept6 torrc entries
--------------------+------------------------------------
 Reporter:  atagar  |          Owner:
     Type:  defect  |         Status:  needs_information
 Priority:  Low     |      Milestone:  Tor: 0.2.8.x-final
Component:  Tor     |        Version:
 Severity:  Normal  |     Resolution:
 Keywords:          |  Actual Points:
Parent ID:          |         Points:  small
  Sponsor:          |
--------------------+------------------------------------

Comment (by teor):

 Replying to [comment:4 atagar]:
 > Hi teor, thanks for the updates! Just to make sure my understanding after reading the man page is correct...

 I'm reading doc/tor.1.txt in master, I think the changes went into 0.2.7.5.
 I think I may have directed you to the wrong version of the man page, sorry.
 I'll quote from the latest version below:

 > * The **accept** and **reject** rules can only be used with IPv4 addresses.
 > * The **accept/reject wildcard** (ex. **reject *:*** ) only applies to IPv4.

 {{{
     accept6 and reject6 only produce IPv6 exit policy entries. Using an IPv4
     address with accept6 or reject6 is ignored and generates a warning.
     accept/reject allows either IPv4 or IPv6 addresses. Use \*4 as an IPv4
     wildcard address, and \*6 as an IPv6 wildcard address. accept/reject *
     expands to matching IPv4 and IPv6 wildcard address rules. +
 }}}

 > * The **accept6** and **reject6** rules are still pretty nebulous. Do they accept specific addresses? If so do they use brackets? How about the ***** wildcard, is it allowed? Or do we only accept ranges like **/6**?

 {{{
 Each policy is of the form "**accept[6]**|**reject[6]** __ADDR__[/__MASK__][:__PORT__]".
 If /__MASK__ is omitted then this policy just applies to the host given.
 Instead of giving a host or network you can also use "\*" to denote the
 universe (0.0.0.0/0 and ::/128), or \*4 to denote all IPv4 addresses,
 and \*6 to denote all IPv6 addresses.
 }}}

 {{{
     Tor also allows IPv6 exit policy entries. For instance, "reject6 [FC00::]/7:\*"
     rejects all destinations that share 7 most significant bit prefix with
     address FC00::. Respectively, "accept6 [C000::]/3:\*" accepts all destinations
     that share 3 most significant bit prefix with address C000::. +
 }}}

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16103#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
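
The rules quoted from the man page in this comment, as an added Python example (not code from tor or from the ticket): it expands one policy line into per-family entries and checks prefix coverage. The names `expand_rule` and `covers` are hypothetical, and it assumes IPv6 literals are bracketed as in the quoted examples and that `*4` under accept6/reject6 is handled like any other IPv4 address.

```python
import ipaddress

ANY4 = ipaddress.ip_network("0.0.0.0/0")   # what "*4" stands for
ANY6 = ipaddress.ip_network("::/0")        # what "*6" stands for

def expand_rule(line):
    """Expand one exit policy line into (entries, warnings).

    Each entry is (action, network, port). Names are hypothetical, not tor's.
    """
    keyword, _, target = line.strip().partition(" ")
    if keyword not in ("accept", "reject", "accept6", "reject6"):
        raise ValueError(f"unknown policy keyword: {keyword!r}")
    action, v6_only = keyword.rstrip("6"), keyword.endswith("6")

    target = target.strip()
    if target.startswith("["):
        # Assumption: IPv6 literals are bracketed, as in "[FC00::]/7:*".
        host, _, rest = target[1:].partition("]")
        mask, _, port = rest.partition(":")
        addr = host + mask
    else:
        addr, _, port = target.partition(":")
    port = port or "*"   # :PORT is optional

    if addr == "*":
        # Plain accept/reject * expands to both families; the 6 forms
        # only ever produce IPv6 entries.
        nets = [ANY6] if v6_only else [ANY4, ANY6]
    elif addr in ("*4", "*6"):
        nets = [ANY4 if addr == "*4" else ANY6]
    else:
        # No /MASK means the single host (/32 or /128).
        nets = [ipaddress.ip_network(addr, strict=False)]

    entries, warnings = [], []
    for net in nets:
        if v6_only and net.version == 4:
            # Assumption: "*4" is treated like any other IPv4 address here.
            warnings.append(f"{keyword} with IPv4 address ignored: {line!r}")
        else:
            entries.append((action, net, port))
    return entries, warnings

def covers(line, dest):
    """True if any entry produced by `line` contains address `dest`."""
    ip = ipaddress.ip_address(dest)
    return any(ip.version == net.version and ip in net
               for _, net, _ in expand_rule(line)[0])
```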

