[tor-talk] firewall prompt gone in 4.0?

Lunar lunar at torproject.org
Sun Oct 19 09:51:26 UTC 2014


BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3 at bitmessage.ch:
> It appears the nice firewall prompt has been removed in TBB 4.0. For
> those of us who block all but a couple outgoing ports (and all the
> incoming), is the only way to retain this functionality to edit the
> "torrc" file with something like below for every new download?
> 
> ReachableAddresses accept *:80
> ReachableAddresses accept *:443

You can still configure this option through the Network Settings
available from the onion menu. The ReachableAddress setting is a bonus:
Tor will try to connect to relays in turn until it succeeds, so it
should eventually try to connect to a relay that listens on the right
port.

The rationale from removing the option is the amount of headaches for
users and support: how many users know what a firewall is? How many
users know the difference between an outgoing and an incoming firewall?
How many users actually *have* an outgoing firewall?

So they would enable ReacheableAddress for the two ports you mention,
and then configure bridges. And so Tor was not ever able to connect
because it wasn't allowed to connect to the configured bridges.

> Compared to the menu item, this seems rather inconvenient for linux
> users who (quite surprisingly) don't have any well-developed means
> to block outgoing traffic on a per-application basis, and resort to the
> less effective, though slightly more cautious practice of just opening a
> couple outgoing ports?

If it's about networw security, how about configuring bridges and only
allowing these specific IP and port in the firewall?

-- 
Lunar                                             <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20141019/e3b65644/attachment.sig>


More information about the tor-talk mailing list