Hi,

since I really like this new feature I added [1] initial autoconfiguration support for it to ansible-relayor (user can opt-in via a single boolean and we automate the rest).

I want to make sure I do this correctly and would like your feedback on the following questions:

a) Is 'OutboundBindAddressOR' in the following context optional (in the sense that it does not change tor's behavior)?

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressOR 1.2.3.4
OutboundBindAddressExit 7.7.7.7

is identical to:

ExitRelay 1
ExitPolicy reject *:25,accept *:*
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7

(since according to the manual page OutboundBindAddress*OR* would just override OutboundBindAddress, which is not needed in the above example since they match)

b) Is it ok to set OutboundBindAddressExit for IPv4 only, even if we set 'IPv6Exit 1' or is setting an IPv6 OutboundBindAddressExit address required after setting OutboundBindAddressExit for IPv4?

Since this question might be a bit confusing I'll give an example in form of torrc lines:

ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7
IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25,accept *:*

(this config has an IPv4 OutboundBindAddressExit entry but no IPv6 OutboundBindAddressExit entry)

c) Similar to (b) is it ok to enable OutboundBindAddressExit for IPv6 only?

d) Is it ok if multiple tor instances on the same host use the same OutboundBindAddressExit address? (ignoring the fact that big exits might run out of source ports?)

thanks,
nusenu

[1] https://github.com/nusenu/ansible-relayor/commit/00fa7c571e8b6f6256092d992831598ad73201db

--
https://mastodon.social/@nusenu
https://twitter.com/nusenu_
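The override rule the message cites from the manual page, modelled as an added example (not part of the original post and not ansible-relayor code). It assumes the specific option replaces OutboundBindAddress only for the same IP version; the function names are hypothetical and the result is a reading of the documented rule, not a statement of what tor does internally.

```python
import ipaddress

# Constructed sample: the torrc lines from question (b) in the message above.
SAMPLE_TORRC = """\
ORPort 1.2.3.4:9001
OutboundBindAddress 1.2.3.4
OutboundBindAddressExit 7.7.7.7
IPv6Exit 1
ExitRelay 1
ExitPolicy reject *:25,accept *:*
"""

BIND_OPTIONS = ("OutboundBindAddress", "OutboundBindAddressOR", "OutboundBindAddressExit")

def parse_bind_options(torrc_text):
    """Return {option: {ip_version: address}} for the OutboundBindAddress* lines."""
    found = {opt: {} for opt in BIND_OPTIONS}
    for raw in torrc_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop torrc comments
        if not line:
            continue
        parts = line.split(None, 1)
        # torrc option names are matched case-insensitively
        name = next((o for o in BIND_OPTIONS if o.lower() == parts[0].lower()), None)
        if name is None or len(parts) < 2:
            continue
        addr = ipaddress.ip_address(parts[1].strip().strip("[]"))
        if addr.version in found[name]:
            # Example's own check: at most one address per option and IP version.
            raise ValueError(f"{name} given twice for IPv{addr.version}")
        found[name][addr.version] = str(addr)
    return found

def effective_sources(torrc_text):
    """Map (traffic, ip_version) -> source address; None means left to the OS."""
    opts = parse_bind_options(torrc_text)
    result = {}
    for traffic, specific in (("or", "OutboundBindAddressOR"), ("exit", "OutboundBindAddressExit")):
        for version in (4, 6):
            # Assumed rule: specific option wins, else the generic one, per IP version.
            result[(traffic, version)] = opts[specific].get(
                version, opts["OutboundBindAddress"].get(version))
    return result

def redundant_overrides(torrc_text):
    """List (option, ip_version) pairs whose value equals the generic option's."""
    opts = parse_bind_options(torrc_text)
    return [(name, v) for name in BIND_OPTIONS[1:] for v, addr in opts[name].items()
            if opts["OutboundBindAddress"].get(v) == addr]
```

Under that assumption the two configurations in (a) resolve to the same source addresses, and the configuration in (b) leaves IPv6 exit traffic without an explicit bind address.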
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev