Add a link to the tor exit notice page, and add a firewall rule for blocking TCP resets.
Mike Perry

Mike Perry commited on 2008-03-22 22:43:42
Zeige 1 geänderte Dateien mit 21 Einfügungen und 5 Löschungen.

... ...
@@ -221,10 +220,15 @@ or restore your Tor relay</a> if something goes wrong.
221 220
 </p>
222 221
 
223 222
 <p>
224
-12. If you control the name servers for your domain, consider setting
225
-your hostname to 'anonymous' or 'proxy' or 'tor-proxy', so when other
226
-people see the address in their web logs, they will more quickly
227
-understand what's going on.
223
+
224
+12. If you control the name servers for your domain, consider setting your
225
+reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when
226
+other people see the address in their web logs, they will more quickly
227
+understand what's going on. Adding the <a
228
+href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html">Tor
229
+exit notice</a> on a vhost for this name can go a long way to deterring abuse
230
+complaints to you and your ISP if you are running an exit node.
231
+
228 232
 </p>
229 233
 
230 234
 <p>
... ...
@@ -278,7 +282,18 @@ you launch Tor.
278 282
 </p>
279 283
 
280 284
 <p>
281
-17. If you installed Tor via some package or installer, it probably starts
285
+
286
+17. (Unix only.) You may also want to improve accessibility of your node in
287
+censored locations by dropping TCP resets to its IP. Many national and
288
+institutional firewalls operate by killing TCP connections that contain
289
+censored keywords or byte patterns. On Linux, blocking these connection 
290
+resets is accomplished by running 
291
+'iptables -I INPUT -d your.tor.ip -p tcp --tcp-flags RST RST -j DROP'.
292
+
293
+</p>
294
+
295
+<p>
296
+18. If you installed Tor via some package or installer, it probably starts
282 297
 Tor for you automatically on boot. But if you installed from source,
283 298
 you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
284 299
 </p>
285 300