[tor-relays] Protecting the bridge port from active probes
Roger Dingledine
arma at torproject.org
Fri Mar 29 07:46:11 UTC 2019
On Thu, Mar 28, 2019 at 08:43:34PM +0300, Dmitrii Tcvetkov wrote:
> Since your bridge is private then bridge authority is none of your
> concerns. In that case you need ORPort reachable only if you have
> bridge clients which use bridge without pluggable transports.
Yes, this advice is correct. Feel free to firewall off your ORPort
from the outside.
It will make your bridge complain that it is unreachable, until somebody
reaches it via one of the pluggable transports, which will satisfy it
and it should stop complaining. You can also simplify that step by
setting "AssumeReachable 1" in your torrc file.
Longer term, we want to address the design issue in this ticket:
https://bugs.torproject.org/7349
and see e.g.
https://bugs.torproject.org/7349#comment:22
but so far we keep finding other things to do more urgently.
--Roger
More information about the tor-relays
mailing list