| commit | 514f0041d190b9e142cc246e3ec7ac65342547bd | |
| author | teor (Tim Wilson-Brown) <teor2345@gmail.com> | |
| Fri, 1 Jul 2016 05:37:13 +0000 (1 15:37 +1000) | ||
| committer | teor (Tim Wilson-Brown) <teor2345@gmail.com> | |
| Fri, 1 Jul 2016 05:37:13 +0000 (1 15:37 +1000) | ||
| tree | 4476a6dbcb443e380267cc120b21ed230137b812 | treesnapshot (tar.gz zip) |
| parent | 64ee7bcd0c8e154269145b626a7cd56b9d6264a1 | commitdiff |
Avoid disclosing exit IP addresses in exit policies by default
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.
Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.
From 0.2.7.2-alpha onwards, Exits would reject all the IP addresses
they knew about in their exit policy. But this may have disclosed
addresses that were otherwise unlisted.
Now, only advertised addresses are rejected by default by
ExitPolicyRejectPrivate. All known addresses are only rejected when
ExitPolicyRejectLocalInterfaces is explicitly set to 1.