Re: vidalia and new firewall config
On Thursday 23 August 2007 07:38:25 Roger Dingledine wrote:
> Hi Matt, others,
>
> Here are some early thoughts on GUI layout for Tor's firewall features.
> There are four features we'd like to get in sometime:
> 1) ReachableAddresses with a set of allowed ports, defaulting to 80,443.
> 2) Http{,s}Proxy with a username/password option.
> 3) I need to use a bridge.
> 4) I want to be a bridge.
>
> So I propose changes to two places:
>
> ---------------------------------------------------------------------
>
> First, a new page of Settings, perhaps between General and Server,
> named "Firewall" or maybe "Network".
>
> 1) At the top, there's a checkbox named
> "My firewall only lets certain ports out". When clicked, there's a
> textbox that defaults to "80, 443". Maybe the textbox is greyed out when
> it's not clicked, or maybe it's not there at all. When the textbox is
> at the default, we can setconf FascistFirewall=1, otherwise we setconf
> ReachableAddresses to *:"these ports".
>
So is fascistfirewall no longer deprecated?
<snip>
>
> 4) The other change is to the 'Server' window. Right now it has only one
> main option, which is 'Relay traffic for the Tor network'. It should
> have a second choice, right under that, which is 'Help censored users
> reach the Tor network'.
>
> If either of the checkboxes is checked (you can't check both), then the
> rest of the window shows up as it does now (but a little bit farther down
> to accommodate that extra line). If we're choosing the 'help censored
> users' one, then the defaults are different: the ORPort is 443, the
> dirport is on (but still 9030), the exit policies are all 'reject',
> and the bandwidth is on its lowest setting (which appears to be 256 Kbps).
>
Choosing 443 makes this hard to implement because Tor has to be started as
root to bind to it. Would it be as well to suggest a popular high-numbered
port such as 8080?
Does the bridge still need to do PublishServerDescriptor 0?
--
Browse Anonymously Anywhere - http://anonymityanywhere.com
TorK - KDE Anonymity Manager - http://tork.sf.net
KlamAV - KDE Anti-Virus - http://www.klamav.net
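
The checkbox-to-setconf mapping from item 1 of the quoted proposal, as an added example that is not part of either message and is not Vidalia code. The function names are hypothetical, and clearing the option that is not in use within the same SETCONF is this example's own choice; the port list is validated because it is user-typed text that ends up in a control-port command.

```python
# Added illustration; all names here are hypothetical, not Vidalia's.
DEFAULT_PORTS = (80, 443)


def parse_ports(text):
    """Parse the textbox contents ("80, 443") into a sorted tuple of unique ports."""
    ports = set()
    for field in text.split(","):
        field = field.strip()
        # ASCII digits only: rejects empty fields, quotes, spaces, newlines and
        # anything else that could change the SETCONF line sent to Tor.
        if not (field.isascii() and field.isdigit()):
            raise ValueError(f"not a port number: {field!r}")
        port = int(field)
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        ports.add(port)
    return tuple(sorted(ports))


def firewall_setconf(checked, text="80, 443"):
    """Return the control-port command for the proposed Firewall page state."""
    if not checked:
        # Box unticked: switch both options off.
        return "SETCONF FascistFirewall=0 ReachableAddresses"
    ports = parse_ports(text)
    if ports == DEFAULT_PORTS:
        # Textbox at its default: the proposal uses FascistFirewall=1.
        # A keyword with no value in SETCONF resets that option.
        return "SETCONF FascistFirewall=1 ReachableAddresses"
    # Any other list: ReachableAddresses set to *:"these ports".
    value = ",".join(f"*:{p}" for p in ports)
    return f'SETCONF FascistFirewall=0 ReachableAddresses="{value}"'


if __name__ == "__main__":
    for state in [(False, ""), (True, "80, 443"), (True, "8080, 443")]:
        print(state, "->", firewall_setconf(*state))
```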