[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #16103 [Tor]: Clarification about reject6/accept6 torrc entries
#16103: Clarification about reject6/accept6 torrc entries
--------------------+------------------------------------
Reporter: atagar | Owner:
Type: defect | Status: needs_information
Priority: Low | Milestone: Tor: 0.2.8.x-final
Component: Tor | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points: small
Sponsor: |
--------------------+------------------------------------
Comment (by teor):
Replying to [comment:4 atagar]:
> Hi teor, thanks for the updates! Just to make sure my understanding
after reading the man page is correct...
I'm reading doc/tor.1.txt in master, I think the changes went into
0.2.7.5.
I think I may have directed you to the wrong version of the man page,
sorry.
I'll quote from the latest version below:
> * The **accept** and **reject** rules can only be used with IPv4
addresses.
> * The **accept/reject wildcard** (ex. **reject *:*** ) only apply to
IPv4.
{{{
accept6 and reject6 only produce IPv6 exit policy entries. Using an
IPv4
address with accept6 or reject6 is ignored and generates a warning.
accept/reject allows either IPv4 or IPv6 addresses. Use \*4 as an IPv4
wildcard address, and \*6 as an IPv6 wildcard address. accept/reject *
expands to matching IPv4 and IPv6 wildcard address rules. +
}}}
> * The **accept6** and **reject6** rules are still pretty nebulous. Do
they accept specific addresses? If so do they use brackets? How about the
***** wildcard, is it allowed? Or do we only accept ranges like **/6**?
{{{
Each policy is of the form "**accept[6]**|**reject[6]**
__ADDR__[/__MASK__][:__PORT__]".
If /__MASK__ is omitted then this policy just applies to the host given.
Instead of giving a host or network you can also use "\*" to denote the
universe (0.0.0.0/0 and ::/128), or \*4 to denote all IPv4 addresses,
and \*6 to denote all IPv6 addresses.
}}}
{{{
Tor also allows IPv6 exit policy entries. For instance, "reject6
[FC00::]/7:\*"
rejects all destinations that share 7 most significant bit prefix with
address FC00::. Respectively, "accept6 [C000::]/3:\*" accepts all
destinations
that share 3 most significant bit prefix with address C000::. +
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/16103#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs