vidalia and new firewall config

Roger Dingledine arma at mit.edu
Thu Aug 23 06:38:25 UTC 2007


Hi Matt, others,

Here are some early thoughts on GUI layout for Tor's firewall features.
There are four features we'd like to get in sometime:
1) ReachableAddresses with a set of allowed ports, defaulting to 80,443.
2) Http{,s}Proxy with a username/password option.
3) I need to use a bridge.
4) I want to be a bridge.

So I propose changes to two places:

---------------------------------------------------------------------

First, a new page of Settings, perhaps between General and Server,
named "Firewall" or maybe "Network".

1) At the top, there's a checkbox named
"My firewall only lets certain ports out". When clicked, there's a
textbox that defaults to "80, 443". Maybe the textbox is greyed out when
it's not clicked, or maybe it's not there at all. When the textbox is
at the default, we can setconf FascistFirewall=1, otherwise we setconf
ReachableAddresses to *:"these ports".

2) Under that, there's a checkbox named
"I use a proxy to access the Internet." When clicked, there's a hostname
box and port box, as well as a username and password box. These set
HttpProxy and HttpsProxy, and also Http[s]ProxyAuthenticator if the
username or password are non-empty.
(We need a way to communicate to experts that this is an HTTP and HTTPS
proxy, without confusing ordinary users who don't know there are other
types. Maybe the hostname box label should be "HTTP proxy address".)

3) Under that, there's a checkbox named
"My ISP blocks connections to the Tor network." When clicked, Vidalia
setconfs TunnelDirConns to 1, and it provides a hostname box and port
box for the user to input a bridge address, along with an "Add" button
that will append the address:port currently in the boxes to the Bridge
list and then clear them in case we want to add more. Once we've added a
bridge it also setconfs UseBridges to 1. One day this stanza will become
more complex.

---------------------------------------------------------------------

4) The other change is to the 'Server' window. Right now it has only one
main option, which is 'Relay traffic for the Tor network'. It should
have a second choice, right under that, which is 'Help censored users
reach the Tor network'.

If either of the checkboxes is checked (you can't check both), then the
rest of the window shows up as it does now (but a little bit farther down
to accommodate that extra line). If we're choosing the 'help censored
users' one, then the defaults are different: the ORPort is 443, the
dirport is on (but still 9030), the exit policies are all 'reject',
and the bandwidth is on its lowest setting (which appears to be 256 Kbps).

I need to do a few more steps on the back end for bridge authorities
before this piece will really be useful, but it's still worth working
on the interface at this stage.

---------------------------------------------------------------------

Comments welcome, especially suggestions for changing the strings to
be more comprehensible and/or simple. Changes 1 and 2 are meant to be
end-user-ready, so we should work hard to make them clear. Changes 3
and 4 are meant to be experimental, and we should expect them to change
dramatically before we're done, so there's no need to polish them too
far yet.

Thanks!
--Roger
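
The mapping in points 1 to 3 above, from checkbox state to control-port SETCONF lines, as an added example (not code from this mail or from Vidalia). The function names and sample values are constructed. Quoting values and refusing line breaks is an assumption about how a controller should treat text-box input, since SETCONF is a line-based command.

```python
DEFAULT_PORTS = [80, 443]

def parse_ports(text):
    """Parse the textbox contents ("80, 443") into a sorted list of valid ports."""
    ports = set()
    for item in text.split(","):
        item = item.strip()
        if not item.isdigit() or not 1 <= int(item) <= 65535:
            raise ValueError("bad port: %r" % item)
        ports.add(int(item))
    return sorted(ports)

def quote(value):
    """Quote a value for SETCONF; refuse line breaks, which would end the command."""
    if any(c in value for c in "\r\n\0"):
        raise ValueError("control character in value")
    return '"' + value.replace("\\", "\\\\").replace('"', '\\"') + '"'

def firewall_setconf(ports_text=None, proxy=None, bridges=None):
    """Return the SETCONF lines for the three checkboxes; None means unchecked."""
    cmds = []
    if ports_text is not None:
        ports = parse_ports(ports_text)
        if ports == DEFAULT_PORTS:
            # Textbox left at its default: point 1 uses the shorthand option.
            cmds.append("SETCONF FascistFirewall=1")
        else:
            addrs = ",".join("*:%d" % p for p in ports)
            cmds.append("SETCONF ReachableAddresses=" + quote(addrs))
    if proxy is not None:
        host, port, user, password = proxy
        hostport = quote("%s:%d" % (host, port))
        args = ["HttpProxy=" + hostport, "HttpsProxy=" + hostport]
        if user or password:
            # Authenticator options are only set when a credential was entered.
            auth = quote("%s:%s" % (user, password))
            args += ["HttpProxyAuthenticator=" + auth,
                     "HttpsProxyAuthenticator=" + auth]
        cmds.append("SETCONF " + " ".join(args))
    if bridges is not None:
        cmds.append("SETCONF TunnelDirConns=1")
        if bridges:
            # UseBridges is switched on only once at least one bridge is listed.
            args = ["Bridge=" + quote("%s:%d" % b) for b in bridges]
            cmds.append("SETCONF " + " ".join(args + ["UseBridges=1"]))
    return cmds
```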


