|
@@ -1,18 +1,21 @@
|
|
|
|
|
|
-# An exit policy that allows exiting to IPv6 localhost
|
|
|
-#ExitPolicy accept6 [::1]:*
|
|
|
+# 1. Allow exiting to IPv6 localhost and private networks by default
|
|
|
+# ------------------------------------------------------------------
|
|
|
IPv6Exit 1
|
|
|
|
|
|
-# An exit policy that allows exiting to the entire internet on HTTP(S)
|
|
|
-# This may be required to work around #11264 with microdescriptors enabled
|
|
|
-# "The core of this issue appears to be that the Exit flag code is
|
|
|
-# optimistic (just needs a /8 [IP6?] and 2 ports), but the microdescriptor
|
|
|
-# exit policy summary code is pessimistic (needs the entire internet)."
|
|
|
-# An alternative is to disable microdescriptors and use regular
|
|
|
-# descriptors, as they do not suffer from this issue.
|
|
|
-#ExitPolicy accept6 *:80
|
|
|
-#ExitPolicy accept6 *:443
|
|
|
+# Each IPv6 tor instance is configured with Address [::1] by default
|
|
|
+# This currently only applies to bridges
|
|
|
+ExitPolicy accept6 [::1]:*
|
|
|
|
|
|
-#ExitPolicy reject6 *:*
|
|
|
-# OR
|
|
|
-ExitPolicy accept6 *:*
|
|
|
+# If you only want tor to connect to localhost, disable these lines:
|
|
|
+# This may cause network failures in some circumstances
|
|
|
+ExitPolicyRejectPrivate 0
|
|
|
+ExitPolicy accept6 private:*
|
|
|
+
|
|
|
+# 2. Optionally: Accept all IPv6 addresses, that is, the public internet
|
|
|
+# ----------------------------------------------------------------------
|
|
|
+# ExitPolicy accept6 *:*
|
|
|
+
|
|
|
+# 3. Finally, reject all IPv6 addresses which haven't been permitted
|
|
|
+# ------------------------------------------------------------------
|
|
|
+ExitPolicy reject6 *:*
|