Diffstat (limited to 'doc')
-rw-r--r-- doc/TODO 2
-rw-r--r-- doc/tor.1.in 26
2 files changed, 18 insertions, 10 deletions
diff --git a/doc/TODO b/doc/TODO
index f3fa682a81..e080d8d644 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -108,6 +108,8 @@ N . helper nodes (Choose N nodes randomly; if a node dies (goes down for a
- On sighup, if usehelpernodes changed to 1, use new circs.
o Make a FirewallIPs to correspond to firewallPorts so I can use Tor at
MIT when my directory is out of date.
+ o Document, rename, deprecate fascistfirewall, and make it use
+ addr_policy_t logic.
- switch accountingmax to count total in+out, not either in or
out. it's easy to move in this direction (not risky), but hard to
back, out if we decide we prefer it the way it already is. hm.
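Review bot: The added entry says "rename" without giving the new name, and the entry directly above it still refers to "FirewallIPs", the option whose man page entry this commit replaces with ReachableAddresses in doc/tor.1.in. Consider naming ReachableAddresses in the new entry so the two items can be matched to the man page change. The entry is also marked "o" like the FirewallIPs item above it, while the man page text in this same commit still describes ReachableAddresses as "Only used when FascistFirewall is set", so it is worth checking that the marker reflects how much of "document, rename, deprecate, and make it use addr_policy_t logic" is actually finished.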
diff --git a/doc/tor.1.in b/doc/tor.1.in
index d6bf9c82d0..107a78f3d7 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -233,19 +233,25 @@ If 1, Tor will only create outgoing connections to ORs running on ports that
your firewall allows (defaults to 80 and 443; see \fBFirewallPorts\fR). This will
allow you to run Tor as a client behind a firewall with restrictive policies,
but will not allow you to run as a server behind such a firewall.
+This option is deprecated; use
+ReachableAddresses instead.
.LP
.TP
\fBFirewallPorts \fR\fIPORTS\fP
-A list of ports that your firewall allows you to connect to. Only used when
-\fBFascistFirewall\fR is set. (Default: 80, 443)
-.LP
-.TP
-\fBFirewallIPs \fR\fIADDR\fP[\fB/\fP\fIMASK\fP\fB][:\fP\fIPORT\fP]...\fP
-A comma-separated list of IPs that your firewall allows you to connect to.
-Only used when \fBFascistFirewall\fR is set. The format is as for the
-addresses in ExitPolicy. For example, 'FirewallIPs 99.0.0.0/8, *:80' means
-that your firewall allows connections to everything inside net 99, and to
-port 80 outside.
+A list of ports that your firewall allows you to connect to. Only
+used when \fBFascistFirewall\fR is set. This option is deprecated; use
+ReachableAddresses instead. (Default: 80, 443)
+.LP
+.TP
+\fBReachableAddresses \fR\fIADDR\fP[\fB/\fP\fIMASK\fP\fB][:\fP\fIPORT\fP]...\fP
+A comma-separated list of IPs that your firewall allows you to connect
+to. Only used when \fBFascistFirewall\fR is set. The format is as
+for the addresses in ExitPolicy, except that "accept" is understood
+unless "reject" is explicitly provided. For example, 'FirewallIPs
+99.0.0.0/8, reject 18.0.0.0/8:80, accept *:80' means that your
+firewall allows connections to everything inside net 99, rejects port
+80 connections to net 18, and accepts connections to port 80 otherwise.
+(Default: 'accept *:*'.)
.LP
.TP
\fBLongLivedPorts \fR\fIPORTS\fP
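Review bot: The example in the new ReachableAddresses paragraph still uses the old option name ('FirewallIPs 99.0.0.0/8, reject 18.0.0.0/8:80, accept *:80'); a user copying it into a torrc would be setting an option this hunk removes from the man page, so it should read 'ReachableAddresses ...'. The deprecation text is also circular: FascistFirewall and FirewallPorts are both marked "deprecated; use ReachableAddresses instead", but ReachableAddresses itself is documented as "Only used when FascistFirewall is set", so the replacement cannot be used without the deprecated option. Either drop that sentence or state how the three options combine. Finally, the example explains the three listed rules but not what happens to a destination that matches none of them (for instance port 443 outside net 99). Given the stated default of 'accept *:*', the text should say whether unmatched addresses are treated as reachable, since that decides whether the example actually restricts the client to what the firewall permits.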