[or-cvs] document ExitPolicyRejectPrivate in man page

arma at seul.org arma at seul.org
Wed Feb 1 05:22:14 UTC 2006


Update of /home2/or/cvsroot/tor/doc
In directory moria:/home/arma/work/onion/cvs/tor/doc

Modified Files:
	tor.1.in 
Log Message:
document ExitPolicyRejectPrivate in man page


Index: tor.1.in
===================================================================
RCS file: /home2/or/cvsroot/tor/doc/tor.1.in,v
retrieving revision 1.122
retrieving revision 1.123
diff -u -p -d -r1.122 -r1.123
--- tor.1.in	28 Jan 2006 22:09:57 -0000	1.122
+++ tor.1.in	1 Feb 2006 05:22:11 -0000	1.123
@@ -387,15 +387,18 @@ denote the universe (0.0.0.0/0).  \fIPOR
 an interval of ports "\fIFROM_PORT\fP\fB-\fP\fITO_PORT\fP", or "\fB*\fP".
 If \fiPORT\fP is omitted, that means "\fB*\fP".
 
-For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would
-reject any traffic destined for localhost and any 192.168.1.* address, but
+For example, "accept 18.7.22.69:*,reject 18.0.0.0/8:*,accept *:*" would
+reject any traffic destined for MIT except for web.mit.edu, and
 accept anything else.
 
 To specify all internal and link-local networks (including 0.0.0.0/8,
 169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and
 172.16.0.0/12), you can use the "private" alias instead of an address.
-For example, to allow HTTP to 127.0.0.1 and block all other
-connections to internal networks, you can say "accept
+These addresses are rejected by default (at the beginning of your
+exit policy) unless you set the ExitPolicyRejectPrivate config option
+to 0. For example, once you've done that, you could allow HTTP to
+127.0.0.1 and block all other connections to internal networks with
+"accept
 127.0.0.1:80,reject private:*".  See RFC 1918 and RFC 3330 for more
 details about internal and reserved IP address space.
 
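Review bot: In the rewritten "private" paragraph, the sentence "once you've done that, you could allow HTTP to 127.0.0.1" does not spell out that setting ExitPolicyRejectPrivate to 0 removes the automatic rejection, so the trailing "reject private:*" in the example becomes the operator's own responsibility. Suggest stating that directly, for instance that with the option set to 0 a "reject private:*" must follow any exceptions, so an operator who copies only the "accept 127.0.0.1:80" half does not end up exiting to internal networks. Separately, the context line "If \fiPORT\fP is omitted" uses \fi where the rest of the paragraph uses \fI; worth fixing while this paragraph is being edited.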
@@ -408,7 +411,6 @@ either a reject *:* or an accept *:*. Ot
 (prepending to) the default exit policy. The default exit policy is:
 .PD 0
 .RS 12
-.IP "reject private:*" 0
 .IP "reject *:25"
 .IP "reject *:119"
 .IP "reject *:135-139"
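Review bot: The removed line `.IP "reject private:*" 0` was the only entry shown here carrying the explicit indent argument 0, and the new first entry `.IP "reject *:25"` has none, so the rendered indentation of the list may change. Suggest moving the 0 onto `.IP "reject *:25"`. Also, "The default exit policy is:" now introduces a list with no private-network rejection in it; a short sentence here saying that the rejection is added at the beginning of the policy when ExitPolicyRejectPrivate is 1 would keep a reader from concluding that the default allows exits to private addresses.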
@@ -425,6 +427,11 @@ either a reject *:* or an accept *:*. Ot
 .PD
 .LP
 .TP
+\fBExitPolicyRejectPrivate \fR\fB0\fR|\fB1\fR\fP
+Reject all private (local) networks at the beginning of your exit
+policy. See above entry on ExitPolicy. (Default: 1)
+.LP
+.TP
 \fBMaxOnionsPending \fR\fINUM\fP
 If you have more than this number of onionskins queued for decrypt, reject new ones. (Default: 100)
 .LP
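Review bot: The new ExitPolicyRejectPrivate entry says "Reject all private (local) networks" and "See above entry on ExitPolicy" but never says what a value of 0 leaves the operator with. Suggest referring to the "private" alias by name, so the covered ranges are unambiguous, and adding one sentence that with 0 those ranges are governed only by the rest of ExitPolicy. Minor: the header line ends in "\fR\fP", while the neighbouring MaxOnionsPending header closes with a single \fP; one closing escape is enough.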


