From 1dca309769f94777d210ba3dddf4ba8781191456 Mon Sep 17 00:00:00 2001 From: Peter Palfrader Date: Tue, 6 Apr 2004 01:00:26 +0000 Subject: Document :n-m exit policy svn:r1501 --- doc/tor.1.in | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/doc/tor.1.in b/doc/tor.1.in index b6aafb85c..24a59cf73 100644 --- a/doc/tor.1.in +++ b/doc/tor.1.in @@ -95,9 +95,16 @@ The fqdn of this server (e.g. moria.mit.edu). Store working data in DIR (Default: @LOCALSTATEDIR@/lib/tor) .TP \fBexitpolicy \fR\fIpolicy,policy,...\fP -Set an exit policy for this server. Each policy is of the form "reject ADDR/MASK:PORT". For example, -"reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would reject any traffic destined for -localhost and any 192.168.1.* address, but accept anything else. +Set an exit policy for this server. Each policy is of the form +"\fBreject\fP \fIADDR\fP\fB/\fP\fIMASK\fP\fB:\fP\fIPORT\fP". +If \fB/\fP\fIMASK\fP is ommitted then this policy just applies to the host +given. Instead of giving a host or network you can also use "\fB*\fP" to +denote the universe (0.0.0.0/0). \fIPORT\fP can either be a single port number +or an interval of ports: "\fIFROM_PORT\fP\fB-\fP\fITO_PORT\fP". + +For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would +reject any traffic destined for localhost and any 192.168.1.* address, but +accept anything else. .TP \fBmaxonionspending \fR\fINUM\fP If you have more than this number of onionskins queued for decrypt, reject new ones. (Default: 100) -- cgit v1.2.3