diff options
| author | Nick Mathewson <nickm@torproject.org> | 2017-09-07 10:03:31 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-09-07 10:03:31 -0400 |
| commit | 27fa4a98d23972213122fa99499efa4baebe49e3 (patch) | |
| tree | f11c4da24093f55133d2ecc0b9aa73f66979bf60 /doc | |
| parent | 8421756da3fc3cc116d17fe96b50384c0d79af8b (diff) | |
| download | tor-27fa4a98d23972213122fa99499efa4baebe49e3.tar.gz tor-27fa4a98d23972213122fa99499efa4baebe49e3.zip | |
Make ClientDNSRejectInternalAddresses testing-only.
Undeprecate it;
rename it to TestingClientDNSRejectInternalAddresses;
add the old name as an alias;
reject configurations where it is set but TestingTorNetwork is not;
change the documentation accordingly.
Closes tickets 21031 and 21522.
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/tor.1.txt | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/doc/tor.1.txt b/doc/tor.1.txt index aec1767059..ddc364bd64 100644 --- a/doc/tor.1.txt +++ b/doc/tor.1.txt @@ -1408,12 +1408,6 @@ The following options are useful only for clients (that is, if addresses/ports. See SocksPort for an explanation of isolation flags. (Default: 0) -[[ClientDNSRejectInternalAddresses]] **ClientDNSRejectInternalAddresses** **0**|**1**:: - If true, Tor does not believe any anonymously retrieved DNS answer that - tells it that an address resolves to an internal address (like 127.0.0.1 or - 192.168.0.1). This option prevents certain browser-based attacks; don't - turn it off unless you know what you're doing. (Default: 1) - [[ClientRejectInternalAddresses]] **ClientRejectInternalAddresses** **0**|**1**:: If true, Tor does not try to fulfill requests to connect to an internal address (like 127.0.0.1 or 192.168.0.1) __unless a exit node is @@ -2468,7 +2462,7 @@ The following options are used for running a testing Tor network. 4 (for 40 seconds), 8, 16, 32, 60 ClientBootstrapConsensusMaxDownloadTries 80 ClientBootstrapConsensusAuthorityOnlyMaxDownloadTries 80 - ClientDNSRejectInternalAddresses 0 + TestingClientDNSRejectInternalAddresses 0 ClientRejectInternalAddresses 0 CountPrivateBandwidth 1 ExitPolicyRejectPrivate 0 @@ -2670,6 +2664,13 @@ The following options are used for running a testing Tor network. we replace it and issue a new key? (Default: 3 hours for link and auth; 1 day for signing.) +[[ClientDNSRejectInternalAddresses]] [[TestingClientDNSRejectInternalAddresses]] **TestingClientDNSRejectInternalAddresses** **0**|**1**:: + If true, Tor does not believe any anonymously retrieved DNS answer that + tells it that an address resolves to an internal address (like 127.0.0.1 or + 192.168.0.1). This option prevents certain browser-based attacks; don't + turn it off unless you know what you're doing. (Default: 1) + + NON-PERSISTENT OPTIONS ---------------------- |