[or-cvs] Replace (Fascist)Firewall* with a new ReachableAddresses op...

Nick Mathewson nickm at seul.org
Mon Aug 8 21:58:50 UTC 2005 

Update of /home/or/cvsroot/tor/doc
In directory moria:/tmp/cvs-serv3499/doc

Modified Files:
	TODO tor.1.in 
Log Message:
Replace (Fascist)Firewall* with a new ReachableAddresses option that understands address policies.

Index: TODO
===================================================================
RCS file: /home/or/cvsroot/tor/doc/TODO,v
retrieving revision 1.339
retrieving revision 1.340
diff -u -d -r1.339 -r1.340
--- TODO	7 Aug 2005 21:24:00 -0000	1.339
+++ TODO	8 Aug 2005 21:58:48 -0000	1.340
@@ -108,6 +108,8 @@
     - On sighup, if usehelpernodes changed to 1, use new circs.
   o Make a FirewallIPs to correspond to firewallPorts so I can use Tor at
     MIT when my directory is out of date.
+    o Document, rename, deprecate fascistfirewall, and make it use
+      addr_policy_t logic.
   - switch accountingmax to count total in+out, not either in or
     out. it's easy to move in this direction (not risky), but hard to
     back, out if we decide we prefer it the way it already is. hm.

Index: tor.1.in
===================================================================
RCS file: /home/or/cvsroot/tor/doc/tor.1.in,v
retrieving revision 1.96
retrieving revision 1.97
diff -u -d -r1.96 -r1.97
--- tor.1.in	7 Aug 2005 21:24:00 -0000	1.96
+++ tor.1.in	8 Aug 2005 21:58:48 -0000	1.97
@@ -233,19 +233,25 @@
 your firewall allows (defaults to 80 and 443; see \fBFirewallPorts\fR).  This will
 allow you to run Tor as a client behind a firewall with restrictive policies,
 but will not allow you to run as a server behind such a firewall.
+This option is deprecated; use
+ReachableAddresses instead.
 .LP
 .TP
 \fBFirewallPorts \fR\fIPORTS\fP
-A list of ports that your firewall allows you to connect to.  Only used when
-\fBFascistFirewall\fR is set. (Default: 80, 443)
+A list of ports that your firewall allows you to connect to.  Only
+used when \fBFascistFirewall\fR is set. This option is deprecated; use
+ReachableAddresses instead. (Default: 80, 443)
 .LP
 .TP
-\fBFirewallIPs \fR\fIADDR\fP[\fB/\fP\fIMASK\fP\fB][:\fP\fIPORT\fP]...\fP
-A comma-separated list of IPs that your firewall allows you to connect to.
-Only used when \fBFascistFirewall\fR is set.  The format is as for the
-addresses in ExitPolicy.  For example, 'FirewallIPs 99.0.0.0/8, *:80' means
-that your firewall allows connections to everything inside net 99, and to
-port 80 outside.
+\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP\fB][:\fP\fIPORT\fP]...\fP
+A comma-separated list of IPs that your firewall allows you to connect
+to.  Only used when \fBFascistFirewall\fR is set.  The format is as
+for the addresses in ExitPolicy, except that "accept" is understood
+unless "reject" is explicitly provided.  For example, 'FirewallIPs
+99.0.0.0/8, reject 18.0.0.0/8:80, accept *:80' means that your
+firewall allows connections to everything inside net 99, rejects port
+80 connections to net 18, and accepts connections to port 80 otherwise.
+(Default: 'accept *:*'.)
 .LP
 .TP
 \fBLongLivedPorts \fR\fIPORTS\fP

More information about the tor-commits mailing list