diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-11-05 14:09:21 -0500 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-11-05 14:09:21 -0500 |
| commit | 9f650b24e97c69216b0d85d20b8363ce1a2488de (patch) | |
| tree | 36f7d80c7b207065e1b47ec936422770d96a5d56 /doc | |
| parent | a72e13a669d79522663eb346b838da01b8937ea3 (diff) | |
| parent | 7c1f33dd0e56bbd6a99ce7797bd03423675bdd9d (diff) | |
| download | tor-9f650b24e97c69216b0d85d20b8363ce1a2488de.tar.gz tor-9f650b24e97c69216b0d85d20b8363ce1a2488de.zip | |
Merge branch 'maint-0.3.2'
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 17 |
1 files changed, 8 insertions, 9 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 1d1c7f5e04..3b881d08f9 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1440,9 +1440,15 @@ The following options are useful only for clients (that is, if addresses/ports. See SocksPort for an explanation of isolation flags. (Default: 0) +[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**:: + If true, Tor does not believe any anonymously retrieved DNS answer that + tells it that an address resolves to an internal address (like 127.0.0.1 or + 192.168.0.1). This option prevents certain browser-based attacks; it + is not allowed to be set on the default network. (Default: 1) + [[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**:: If true, Tor does not try to fulfill requests to connect to an internal - address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is + address (like 127.0.0.1 or 192.168.0.1) __unless an exit node is specifically requested__ (for example, via a .exit hostname, or a controller request). If true, multicast DNS hostnames for machines on the local network (of the form *.local) are also rejected. (Default: 1) @@ -2606,7 +2612,7 @@ The following options are used for running a testing Tor network. 4 (for 40 seconds), 8, 16, 32, 60 ClientBootstrapConsensusMaxDownloadTries 80 ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 - TestingClientDNSRejectInternalAddresses 0 + ClientDNSRejectInternalAddresses 0 ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 @@ -2817,13 +2823,6 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) -[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**:: - If true, Tor does not believe any anonymously retrieved DNS answer that - tells it that an address resolves to an internal address (like 127.0.0.1 or - 192.168.0.1). This option prevents certain browser-based attacks; don't - turn it off unless you know what you're doing. (Default: 1) - - NON-PERSISTENT OPTIONS ---------------------- |