[Tor-BSD] OpenBSD pf rules...

teor teor2345 at gmail.com
Wed Nov 26 23:57:00 EST 2014


> On 27 Nov 2014, at 13:30, George Rosamond <george at ceetonetechnology.com> wrote:
> 
> teor:
>>> 1.  blocking what shouldn't be listening, assuming "block" is high up in
>>> your ruleset.  I have a box that localhost was at 127.0.0... other than
>>> .1.  Therefore, a hidden service wasn't hidden.
>> 
>> 
>> George,
>> 
>> Is this a bug in tor where it only considers 127.0.0.1 local?
>> Or a configuration bug in the hidden service torrc?
>> Or something else?
> 
> 
> Good question.
> 
> If a web server is configured to listen on localhost, and the torrc sets
> localhost for listening for hidden traffic, then it shouldn't.  But if
> you set 127.0.0.1 (instead of localhost) and that's not the localhost
> address, then the problem arose.
> 
> I'd have to test it again, but in that case it was a FreeBSD jail.
> 
> But very likely it would make more sense to set your www config file and
> the torrc to listen on localhost.
> 
> As I write... it does start sounding like a bug...
> 
> g
> 

If you can track down the specific circumstances which expose a hidden service (Is that the core issue? Or was it just disabled?), I would be happy to log a bug against tor, and chase down the offending line of code.

But if it's a misconfiguration that could happen to any proxy, there's not much tor can do.

In the small amounts of tor code I've read, 127./8 is considered local.

teor
pgp 0xABFED1AC
hkp://pgp.mit.edu/
https://gist.github.com/teor2345/d033b8ce0a99adbc89c5
http://0bin.net/paste/Mu92kPyphK0bqmbA#Zvt3gzMrSCAwDN6GKsUk7Q8G-eG+Y+BLpe7wtmU66Mx
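
Added example (not part of the original message, and not tor or project code): a check for the exposure discussed in this thread, flagging hidden service backend listeners bound outside 127.0.0.0/8 or ::1. The sockstat-style sample lines, the port numbers and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of FreeBSD `sockstat -l`
# (illustrative only; not output from the machines in this thread).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
www      nginx      812   6  tcp4   127.0.0.1:8080        *:*
www      nginx      912   6  tcp4   192.0.2.10:8080       *:*
_tor     tor        640   7  tcp4   127.0.0.1:9050        *:*
www      httpd      700   4  tcp6   ::1:8081              *:*
www      httpd      701   3  tcp4   *:8082                *:*
"""

def is_loopback(host):
    """True only for 127.0.0.0/8 or ::1; a wildcard bind is never loopback."""
    if host == "*":
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: report it rather than trust it

def exposed_listeners(sockstat_text, backend_ports):
    """Return (command, pid, host, port) for backend ports bound off-loopback.

    backend_ports is the set of local ports the hidden service forwards to
    (an assumption of this example; take them from your own torrc).
    """
    findings = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[4].startswith("tcp"):
            continue  # header line or non-TCP socket
        host, _, port = fields[5].rpartition(":")
        if not port.isdigit() or int(port) not in backend_ports:
            continue
        if not is_loopback(host):
            findings.append((fields[1], int(fields[2]), host, int(port)))
    return findings

if __name__ == "__main__":
    for cmd, pid, host, port in exposed_listeners(SAMPLE, {8080, 8081, 8082}):
        print(f"EXPOSED: {cmd} (pid {pid}) listening on {host}:{port}")
```

Running it inside the jail or host that serves the hidden service shows the address the socket actually bound to, which is what matters when the configured address and the effective one differ.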