[tor-relays] Relay Security
Roger Dingledine
arma at mit.edu
Tue Jul 5 04:31:49 UTC 2011
On Tue, Jul 05, 2011 at 12:57:55AM -0300, Tomas Sironi wrote:
> No, my home router is only accessible from the LAN. So, if you are sure Tor
> really blocks the local address space, then I shouldn't need to use iptables.
> But I want to be sure first. I couldn't find anything about this in the
> online manual.
Tor's default exit policy not only blocks "internal" address blocks (like
192.168.0.0/16), but it also blocks your public IP address by default too.
See the ExitPolicyRejectPrivate line in your man page.
(You want to block the public IP address too, because when your relay
tries to send traffic to the public IP address, your computer will
actually route that traffic to the private version of the address.)
So the summary is that Tor has thought about exactly this issue
and takes care of it for you automatically unless you disable the
ExitPolicyRejectPrivate config option.
--Roger
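
Added example, not part of the message above and not Tor's own code: a simplified Python model of how ExitPolicyRejectPrivate puts rejects for private ranges and the relay's public address ahead of the configured ExitPolicy, so an operator can see what changes when the option is set to 0. The function names, the sample torrc strings and 203.0.113.7 are constructed; it handles IPv4 only and assumes unmatched traffic is accepted.

```python
import ipaddress

# IPv4 ranges the tor man page lists for the "private" policy alias.
PRIVATE_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "169.254.0.0/16", "127.0.0.0/8",
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12")]

# Constructed sample configs; 203.0.113.7 is a documentation address.
PUBLIC_IP = "203.0.113.7"
DEFAULT_TORRC = "ExitPolicy accept *:80,accept *:443,reject *:*\n"
WEAKENED_TORRC = "ExitPolicyRejectPrivate 0  # protection off\n" + DEFAULT_TORRC

def parse_torrc(text):
    """Return (reject_private_enabled, ordered ExitPolicy entries)."""
    reject_private, rules = True, []  # the option defaults to 1
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if len(fields) < 2:
            continue
        key, value = fields[0].lower(), fields[1].strip()
        if key == "exitpolicyrejectprivate":
            reject_private = value != "0"
        elif key == "exitpolicy":
            rules += [r.strip() for r in value.split(",") if r.strip()]
    return reject_private, rules

def _addr_match(spec, dest):
    if spec == "private":
        return any(dest in net for net in PRIVATE_V4)
    return spec == "*" or dest in ipaddress.ip_network(spec, strict=False)

def _port_match(spec, port):
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def exit_allowed(torrc_text, public_ip, dest, port):
    """First-match evaluation of an IPv4 destination, as a simplified model."""
    reject_private, rules = parse_torrc(torrc_text)
    dest = ipaddress.ip_address(dest)
    if reject_private and (dest == ipaddress.ip_address(public_ip)
                           or _addr_match("private", dest)):
        return False  # implicit rejects sit ahead of the configured policy
    for rule in rules:
        action, _, pattern = rule.partition(" ")
        addr, _, ports = pattern.strip().partition(":")
        if _addr_match(addr, dest) and _port_match(ports or "*", port):
            return action.lower() == "accept"
    return True  # assumption: unmatched traffic is accepted (worst case)
```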