Date: Sun, 19 Oct 2014 11:51:26 +0200
From: Lunar <lunar@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20141019095126.GA9807@loar>
Mail-Followup-To: tor-talk@lists.torproject.org
References: <mailman.6192.1413384706.22553.tor-talk@lists.torproject.org>
 <70EB6DBE-6452-43ED-A4D7-67370813E4C5@mail.bitmessage.ch>
MIME-Version: 1.0
In-Reply-To: <70EB6DBE-6452-43ED-A4D7-67370813E4C5@mail.bitmessage.ch>
User-Agent: Mutt/1.5.23 (2014-03-12)
Subject: Re: [tor-talk] firewall prompt gone in 4.0?
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
Content-Type: multipart/mixed; boundary="===============2758913113014088761=="


--===============2758913113014088761==
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="x+6KMIRAuhnl3hBn"
Content-Disposition: inline


--x+6KMIRAuhnl3hBn
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

BM-2cTjsegDfZQNGQWUQjSwro6jrWLC9B3MN3@bitmessage.ch:
> It appears the nice firewall prompt has been removed in TBB 4.0. For
> those of us who block all but a couple outgoing ports (and all the
> incoming), is the only way to retain this functionality to edit the
> "torrc" file with something like below for every new download?
>
> ReachableAddresses accept *:80
> ReachableAddresses accept *:443

You can still configure this option through the Network Settings
available from the onion menu. The ReachableAddresses setting is a bonus:
Tor will try to connect to relays in turn until it succeeds, so it
should eventually try to connect to a relay that listens on the right
port.

The rationale for removing the option is the amount of headaches for
users and support: how many users know what a firewall is? How many
users know the difference between an outgoing and an incoming firewall?
How many users actually *have* an outgoing firewall?

So they would enable ReachableAddresses for the two ports you mention,
and then configure bridges. And so Tor was not ever able to connect
because it wasn't allowed to connect to the configured bridges.

> Compared to the menu item, this seems rather inconvenient for linux
> users who (quite surprisingly) don't have any well-developed means
> to block outgoing traffic on a per-application basis, and resort to the
> less effective, though slightly more cautious practice of just opening a
> couple outgoing ports?

If it's about network security, how about configuring bridges and only
allowing these specific IPs and ports in the firewall?

-- 
Lunar                                             <lunar@torproject.org>
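
The failure mode described in this message (ReachableAddresses limited to two ports while a configured bridge listens elsewhere) and the suggested bridge-only firewall allow-list, as an added example that is not part of the original message or of Tor's code. The sample torrc and its documentation-range bridge addresses are constructed; matching is simplified to IPv4 and assumes a non-empty ReachableAddresses list ends in an implicit reject.

```python
import ipaddress

# Constructed sample torrc; bridge addresses are documentation-range placeholders.
SAMPLE_TORRC = """\
ReachableAddresses accept *:80
ReachableAddresses accept *:443
UseBridges 1
Bridge 192.0.2.10:443
Bridge obfs3 198.51.100.7:9001
"""

def parse_torrc(text):
    """Return (rules, bridges) from ReachableAddresses and Bridge lines."""
    rules, bridges = [], []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "reachableaddresses":
            for item in " ".join(args).split(","):
                tok = item.split()
                if not tok:
                    continue
                action = "reject" if tok[0] == "reject" else "accept"
                host, sep, port = tok[-1].rpartition(":")
                rules.append((action, host, port) if sep else (action, tok[-1], "*"))
        elif key == "bridge":
            # The address is the first argument containing ':' (a transport name may precede it).
            ip, _, port = next(a for a in args if ":" in a).rpartition(":")
            bridges.append((ipaddress.ip_address(ip.strip("[]")), int(port)))
    return rules, bridges

def permitted(rules, ip, port):
    """First matching rule wins. Assumption: a non-empty list ends in an implicit reject."""
    for action, host, rport in rules:
        lo, _, hi = rport.partition("-")
        port_ok = rport == "*" or int(lo) <= port <= int(hi or lo)
        host_ok = host == "*" or ip in ipaddress.ip_network(host, strict=False)
        if port_ok and host_ok:
            return action == "accept"
    return not rules

def audit(text):
    """Return (bridges the ReachableAddresses rules exclude, iptables allow rules for all bridges)."""
    rules, bridges = parse_torrc(text)
    blocked = [f"{ip}:{p}" for ip, p in bridges if not permitted(rules, ip, p)]
    allow = [f"iptables -A OUTPUT -p tcp -d {ip} --dport {p} -j ACCEPT" for ip, p in bridges]
    return blocked, allow
```

Running `audit(SAMPLE_TORRC)` flags the bridge on port 9001 as excluded by the two-port rules, while the generated allow rules cover exactly the configured bridge endpoints.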

--x+6KMIRAuhnl3hBn--

--===============2758913113014088761==--

