From 59a356ea476ec8438e345b8695e9faf73b79c0a8 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Fri, 6 Aug 2004 10:11:57 +0000 Subject: [PATCH] clarify sockspolicy, exitpolicy rules svn:r2157 --- src/config/torrc.sample.in | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in index aea4eb790f..b26b22d18c 100644 --- a/src/config/torrc.sample.in +++ b/src/config/torrc.sample.in @@ -9,11 +9,12 @@ SocksPort 9050 SocksBindAddress 127.0.0.1 # accept connections only from localhost #SocksBindAddress 192.168.0.1:9100 # listen on a chosen IP/port -# Entry policies to allow/deny SOCKS requests based on IP. By default, -# we accept all requests from SocksBindAddress. +# Entry policies to allow/deny SOCKS requests based on IP. First +# entry that matches wins. If no SocksPolicy is set, we accept all +# (and only) requests from SocksBindAddress. # -#SocksPolicy accept 192.168.0.1/16:* -#SocksPolicy reject *:* +#SocksPolicy accept 192.168.0.1/16 +#SocksPolicy reject * # By default, we send log messages to stdout. If you want # them to go somewhere else, uncomment one or more of these example @@ -53,7 +54,8 @@ SocksBindAddress 127.0.0.1 # accept connections only from localhost # Uncomment this to mirror the directory for others (please do) #DirPort 9030 -## A comma-separated list of exit policies. If you want to *replace* +## A comma-separated list of exit policies. They're considered first +## to last, and the first match wins. If you want to *replace* ## the default exit policy, end this with either a reject *:* or an ## accept *:*. Otherwise, you're *augmenting* (prepending to) the ## default exit policy. Leave commented to just use the default.