It's probably for the best. The implementation of upnp and nat-pmp is frequently done incorrectly. Many implementations simply break the fw security or leak identifying information by enabling the feature. I once saw a case which opened port 0 everytime upnp was used. Not closed, or stealth, but open. Encouraging running a relay is all good, but doing it and not being able to account for implementations which introduce security problems is risky.
--leeroy On 7/23/2015 at 2:26 PM, "Jacob Appelbaum" wrote:>> Also - does this mean that after many many years... that this new >> version of tor-fw-helper be enabled by default at build time? Pretty >> please? :-) > > Unlikely, AFAIK the general plan was to have it as a separate package. > That is really a major bummer if so - we should be shipping this code and enabling it by default. If a user wants to run a relay, they should only have to express that intent with a single button. All the best, Jake
_______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
