Add a link to the tor exit notice page, and add a firewall rule for blocking TCP resets. (3dcee510c)

@@ -221,10 +220,15 @@ or restore your Tor relay</a> if something goes wrong.
 </p>
 
 <p>
-12. If you control the name servers for your domain, consider setting
-your hostname to 'anonymous' or 'proxy' or 'tor-proxy', so when other
-people see the address in their web logs, they will more quickly
-understand what's going on.
+
+12. If you control the name servers for your domain, consider setting your
+reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when
+other people see the address in their web logs, they will more quickly
+understand what's going on. Adding the <a
+href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html">Tor
+exit notice</a> on a vhost for this name can go a long way to deterring abuse
+complaints to you and your ISP if you are running an exit node.
+
 </p>
 
 <p>
@@ -278,7 +282,18 @@ you launch Tor.
 </p>
 
 <p>
-17. If you installed Tor via some package or installer, it probably starts
+
+17. (Unix only.) You may also want to improve accessibility of your node in
+censored locations by dropping TCP resets to its IP. Many national and
+institutional firewalls operate by killing TCP connections that contain
+censored keywords or byte patterns. On Linux, blocking these connection 
+resets is accomplished by running 
+'iptables -I INPUT -d your.tor.ip -p tcp --tcp-flags RST RST -j DROP'.
+
+</p>
+
+<p>
+18. If you installed Tor via some package or installer, it probably starts
 Tor for you automatically on boot. But if you installed from source,
 you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
 </p>


...	...	@@ -221,10 +220,15 @@ or restore your Tor relay</a> if something goes wrong.
221	220	</p>
222	221
223	222	<p>
224		-12. If you control the name servers for your domain, consider setting
225		-your hostname to 'anonymous' or 'proxy' or 'tor-proxy', so when other
226		-people see the address in their web logs, they will more quickly
227		-understand what's going on.
	223	+
	224	+12. If you control the name servers for your domain, consider setting your
	225	+reverse DNS hostname to 'anonymous-relay', 'proxy' or 'tor-proxy', so when
	226	+other people see the address in their web logs, they will more quickly
	227	+understand what's going on. Adding the <a
	228	+href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html">Tor
	229	+exit notice</a> on a vhost for this name can go a long way to deterring abuse
	230	+complaints to you and your ISP if you are running an exit node.
	231	+
228	232	</p>
229	233
230	234	<p>
...	...	@@ -278,7 +282,18 @@ you launch Tor.
278	282	</p>
279	283
280	284	<p>
281		-17. If you installed Tor via some package or installer, it probably starts
	285	+
	286	+17. (Unix only.) You may also want to improve accessibility of your node in
	287	+censored locations by dropping TCP resets to its IP. Many national and
	288	+institutional firewalls operate by killing TCP connections that contain
	289	+censored keywords or byte patterns. On Linux, blocking these connection
	290	+resets is accomplished by running
	291	+'iptables -I INPUT -d your.tor.ip -p tcp --tcp-flags RST RST -j DROP'.
	292	+
	293	+</p>
	294	+
	295	+<p>
	296	+18. If you installed Tor via some package or installer, it probably starts
282	297	Tor for you automatically on boot. But if you installed from source,
283	298	you may find the initscripts in contrib/tor.sh or contrib/torctl useful.
284	299	</p>
285	300

tor-webwml.git