From bae0b02fa5cf2c3da961ff9c61ab08ecf5086792 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Sat, 11 Dec 2004 16:13:15 +0000 Subject: clean up ExitPolicy documentation svn:r3130 --- doc/tor.1.in | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/tor.1.in b/doc/tor.1.in index 6ae5505c75..b548b58e26 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -204,11 +204,11 @@ Administrative contact information for server. .TP \fBExitPolicy \fR\fIpolicy\fR,\fIpolicy\fR,\fI...\fP Set an exit policy for this server. Each policy is of the form -"\fBreject\fP \fIADDR\fP\fB/\fP\fIMASK\fP\fB:\fP\fIPORT\fP". +"\fBaccept\fP|\fBreject\fP \fIADDR\fP[\fB/\fP\fIMASK\fP]\fB:\fP\fIPORT\fP". If \fB/\fP\fIMASK\fP is omitted then this policy just applies to the host given. Instead of giving a host or network you can also use "\fB*\fP" to -denote the universe (0.0.0.0/0). \fIPORT\fP can either be a single port number -or an interval of ports: "\fIFROM_PORT\fP\fB-\fP\fITO_PORT\fP". +denote the universe (0.0.0.0/0). \fIPORT\fP can be a single port number, +an interval of ports "\fIFROM_PORT\fP\fB-\fP\fITO_PORT\fP", or "\fB*\fP". For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would reject any traffic destined for localhost and any 192.168.1.* address, but @@ -218,7 +218,10 @@ This directive can be specified multiple times so you don't have to put it all on one line. See RFC 3330 for more details about internal and reserved IP address -space. The default exit policy is: +space. Policies are considered first to last, and the first match wins. If +you want to _replace_ the default exit policy, end your exit policy with +either a reject *:* or an accept *:*. Otherwise, you're _augmenting_ +(prepending to) the default exit policy. The default exit policy is: .PD 0 .RS 12 .IP "reject 0.0.0.0/8" 0 -- cgit v1.2.3-54-g00ecf
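Review bot: In the first hunk (@@ -204,11 +204,11 @@), the revised syntax line marks \fB/\fP\fIMASK\fP as optional but never says what form MASK takes. The only hints are the "0.0.0.0/0" in the text and the "192.168.1.0/24" in the unchanged example below it, both of which are bit counts. Consider adding a sentence stating the accepted form(s) of MASK, so an operator does not have to infer it from the example. It would also help to say explicitly that "\fB*\fP" as a PORT means all ports, since the new wording lists it as a third alternative without explaining it.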
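Review bot: In the second hunk (@@ -218,7 +218,10 @@), the added lines use _replace_ and _augmenting_ for emphasis, which a man page prints as literal underscores; the rest of this entry uses \fI...\fP and \fB...\fP, so \fIreplace\fP and \fIaugmenting\fP would match. The added "reject *:*" and "accept *:*" are also unquoted, unlike the quoted example policy earlier in the entry. On content, "first match wins" combined with "prepending to" means an operator's own accept rule takes precedence over any default reject listed after this text; one sentence saying so outright would make the consequence of augmenting harder to miss.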