[tor-bugs] #7349 [Core Tor/Tor]: Obfsbridges should be able to "disable" their ORPort
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Feb 20 11:09:18 UTC 2020
#7349: Obfsbridges should be able to "disable" their ORPort
-------------------------------------------------+-------------------------
Reporter: asn | Owner: (none)
Type: project | Status: new
Priority: Very High | Milestone: Tor:
| unspecified
Component: Core Tor/Tor | Version:
Severity: Normal | Resolution:
Keywords: tor-bridge, SponsorZ, tor-pt, | Actual Points:
proposal-needed, censorship, sponsor19, 040 |
-roadmap-proposed, anti-censorship-roadmap |
Parent ID: | Points: 10
Reviewer: | Sponsor:
| Sponsor28-can
-------------------------------------------------+-------------------------
Comment (by dfiguera):
> Is it an inbound or outbound firewall?
The rule to filter the ORPort was applied to ingress.
The bridge has permission to open outbound connections to any address.
> Bridges need to accept inbound connections to their ORPort from the
bridge authority (for its
> reachability checks), and from other relays (for the bridge's ORPort
reachability self-treats),
> and from clients. (So any address on the Internet.)
A client using a bridge needs to connect to that bridge's ORPort and not
only to the PT port?
I was trying to make my bridge a little less vulnerable to detection.
Thanks for the clarification, I'll keep an eye on tickets related to this
to see the progress.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7349#comment:50>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list