include the default exit policy in the man page

svn:r1983

1 files changed, 26 insertions, 1 deletions

diff --git a/doc/tor.1.in b/doc/tor.1.in
index 0bb05af38..25a7ad8c9 100644
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -109,7 +109,32 @@ For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would
 reject any traffic destined for localhost and any 192.168.1.* address, but
 accept anything else.
 
-This directive can be specified multiple times so you don't have to put it all on one line.
+This directive can be specified multiple times so you don't have to put
+it all on one line.
+
+See RFC 3330 for more details about internal and reserved IP address
+space. The default exit policy is:
+.PD 0
+.RS 12
+.IP "reject 0.0.0.0/8" 0
+.IP "reject 169.254.0.0/16" 4
+.IP "reject 127.0.0.0/8"
+.IP "reject 192.168.0.0/16"
+.IP "reject 10.0.0.0/8"
+.IP "reject 172.16.0.0/12"
+.IP "accept *:20-22"
+.IP "accept *:53"
+.IP "accept *:79-81"
+.IP "accept *:110"
+.IP "accept *:143"
+.IP "accept *:443"
+.IP "accept *:873"
+.IP "accept *:993"
+.IP "accept *:995" 4
+.IP "accept *:1024-65535"
+.IP "reject *:*"
+.RE
+.PD
 .TP
 \fBmaxonionspending \fR\fINUM\fP
 If you have more than this number of onionskins queued for decrypt, reject new ones. (Default: 100)