diff options
| author | Sebastian Hahn <sebastian@torproject.org> | 2017-11-03 23:00:27 +0100 |
|---|---|---|
| committer | Sebastian Hahn <sebastian@torproject.org> | 2017-11-04 18:30:59 +0100 |
| commit | 5a46074e550229e6c19eac9625b26af346b487fc (patch) | |
| tree | c6d062a54ed45e0fb2f35c128d328a5e4555350a /doc | |
| parent | 0386280487fce78b73e060234f515b850af9c589 (diff) | |
| download | tor-5a46074e550229e6c19eac9625b26af346b487fc.tar.gz tor-5a46074e550229e6c19eac9625b26af346b487fc.zip | |
Revert "Make ClientDNSRejectInternalAddresses testing-only."
This reverts commit 27fa4a98d23972213122fa99499efa4baebe49e3.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index 86999667a5..d701288af7 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1440,6 +1440,12 @@ The following options are useful only for clients (that is, if addresses/ports. See SocksPort for an explanation of isolation flags. (Default: 0) +[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**:: + If true, Tor does not believe any anonymously retrieved DNS answer that + tells it that an address resolves to an internal address (like 127.0.0.1 or + 192.168.0.1). This option prevents certain browser-based attacks; don't + turn it off unless you know what you're doing. (Default: 1) + [[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**:: If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is @@ -2507,7 +2513,7 @@ The following options are used for running a testing Tor network. 4 (for 40 seconds), 8, 16, 32, 60 ClientBootstrapConsensusMaxDownloadTries 80 ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 - TestingClientDNSRejectInternalAddresses 0 + ClientDNSRejectInternalAddresses 0 ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 @@ -2718,13 +2724,6 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) -[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**:: - If true, Tor does not believe any anonymously retrieved DNS answer that - tells it that an address resolves to an internal address (like 127.0.0.1 or - 192.168.0.1). This option prevents certain browser-based attacks; don't - turn it off unless you know what you're doing. (Default: 1) - - NON-PERSISTENT OPTIONS ---------------------- |