Browse code

Remove duplication about outgoing firewalls by splitting uses cases between client and relay

Lunar authored on22/07/2014 18:24:08
Showing1 changed files
... ...
@@ -48,8 +48,8 @@ proxies?</a></li>
48 48
     <li><a href="#IsItWorking">How can I tell if Tor is working, and that my
49 49
     connections really are anonymized?</a></li>
50 50
     <li><a href="#Mobile">Can I use Tor on my phone or mobile device?</a></li>
51
-    <li><a href="#OutboundPorts">Do I have to open all these outbound ports
52
-    on my firewall?</a></li>
51
+    <li><a href="#OutboundPorts">Which outbound ports must be open when
52
+    using Tor as a client?</a></li>
53 53
     <li><a href="#FTP">How do I use my browser for ftp with Tor?</a></li>
54 54
     <li><a href="#NoDataScrubbing">Does Tor remove personal information
55 55
     from the data my application sends?</a></li>
... ...
@@ -882,10 +882,9 @@ executive
882 882
 
883 883
     <hr>
884 884
 
885
-     <a id="OutboundPorts"></a>
886
-    <h3><a class="anchor" href="#OutboundPorts">Do I have to open all these
887
-    outbound ports on my firewall?</a></h3>
888
-
885
+    <a id="OutboundPorts"></a>
886
+    <h3><a class="anchor" href="#OutboundPorts">Which outbound ports must be open when
887
+    using Tor as a client?</a></h3>
889 888
     <p>
890 889
     Tor may attempt to connect to any port that is advertised in the
891 890
     directory as an ORPort (for making Tor connections) or a DirPort (for
... ...
@@ -894,7 +893,7 @@ executive
894 893
     ports too.
895 894
     </p>
896 895
     <p>
897
-    As a client: you could probably get away with opening only those four
896
+    When using Tor as a client, you could probably get away with opening only those four
898 897
     ports. Since Tor does all its connections in the background, it will retry
899 898
     ones that fail, and hopefully you'll never have to know that it failed, as
900 899
     long as it finds a working one often enough. However, to get the most
... ...
@@ -905,14 +904,6 @@ executive
905 904
     you want to explicitly tell your Tor client which ports are reachable
906 905
     for you.
907 906
     </p>
908
-    <p>
909
-    As a relay: you must allow outgoing connections to every other relay
910
-    and to anywhere your exit policy advertises that you allow. The
911
-    cleanest way to do that is simply to allow all outgoing connections
912
-    at your firewall. If you don't, clients will ask you to extend to
913
-    those relays, and those connections will fail, leading to complex
914
-    anonymity implications for the clients which we'd like to avoid.
915
-    </p>
916 907
 
917 908
     <hr>
918 909
 
... ...
@@ -2334,7 +2325,7 @@ too.
2334 2325
     <hr>
2335 2326
 
2336 2327
     <a id="OutgoingFirewall"></a>
2337
-    <h3><a class="anchor" href="#BandwidthShaping">How should I configure
2328
+    <h3><a class="anchor" href="#OutgoingFirewall">How should I configure
2338 2329
     my outgoing filters?</a></h3>
2339 2330
 
2340 2331
     <p>