False warning(?) and logging
maillist
maillist at piirakka.com
Tue Jun 21 07:35:03 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm running on Linux 2.6.10-1-k7 i686 GNU/Linux and Tor version 0.1.0.10.
Markus
- ----- Original Message -----
From: "maillist" <maillist at piirakka.com>
To: <or-talk at freehaven.net>
Sent: Tuesday, June 21, 2005 10:31 AM
Subject: False warning(?) and logging
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi
>
> I had to change my nodes exit policy to much stricter due abuse, now my
> node
> only allows traffic to port 80 and 443 (thats just sad but hope it helps).
> When I restarted my node (do you have to restart node If policy changes?)
> I
> got following warning messages:
>
> Jun 21 10:13:14.751 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts localhost (127.x)
> Jun 21 10:13:14.752 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts addresses in private network
> 10.x
> Jun 21 10:13:14.752 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts addresses in private network
> 169.254.x
> Jun 21 10:13:14.752 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts addresses in private network
> 172.16.x
> Jun 21 10:13:14.752 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts addresses in private network
> 192.168.x
>
> Ok, my mistake. Added some lines to config, heres the whole exit policy:
>
> # Just for showoff
> ExitPolicy reject *:25
>
> Exitpolicy reject 217.78.206.0/24:*
> Exitpolicy reject 62.241.240.0/24:*
> Exitpolicy reject 62.197.172.0/24:*
> Exitpolicy reject 192.168.0.0/16:*
> Exitpolicy reject 10.0.0.0/8:*
> ExitPolicy reject 127.0.0.0/8:*
> ExitPolicy reject 169.254.0.0/16:*
> ExitPolicy reject 172.16.0.0/16:*
>
> ExitPolicy accept *:80
> ExitPolicy accept *:443
>
> ExitPolicy reject *:*
>
>
> Then I restarted my node:
>
> Jun 21 10:19:28.418 [warn] exit_policy_implicitly_allows_local_networks():
> Exit policy accept *:80 implicitly accepts addresses in private network
> 172.16.x
> done.
>
> Uh? Other messages disappeared but warning about 172.16.x... Bug or my
> mistake?
>
> And logging (from my nodes config):
> ## Send all messages of level 'notice' or higher to
> /var/log/tor/notices.log
> Log notice file /var/log/tor/notices.log
>
> Doesnt that mean that level 'warn' should go there too? Well it doesn't,
> those warnings about exit policys never ended up in logs... How to fix
> this
> and really log notices and higher?
>
>
> And third, is this anything to worry about?
> directory_handle_command_get(): Client asked for the mirrored directory,
> but
> we don't have a good one yet. Sending 503 Dir not available.
>
>
> Markus
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
> Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE
>
> iD8DBQFCt8JH6fSN8IKlpYoRAqWRAJ43nB12Je0Wg4YXwNuoLymzHDKTZgCgm+gs
> 1ulKqhF6oz7eMti2JWTMnsg=
> =wBxp
> -----END PGP SIGNATURE-----
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32) - GPGrelay v0.959
Comment: GnuPT 2.6.2.1 by EQUIPMENTE.DE
iD8DBQFCt8Mr6fSN8IKlpYoRAgGYAKCiVcNmZaRbsSHxmRp0nFWOdpu8eQCgovZL
7qWW4BHVobl3QosVlqCa6zQ=
=5Ia7
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list