Oops. 0.0.0.0/8 and 169.254.0.0/16 are also special.

svn:r5536

diff --git a/doc/tor.1.in b/doc/tor.1.in
index 6eb658e451b29a1b104fe61facd0039a32dd83bd..352c0655f8a7eb4bf48c2d3f6538ee428a5f9370 100644 (file)
--- a/doc/tor.1.in
+++ b/doc/tor.1.in
@@ -387,11 +387,12 @@ For example, "reject 127.0.0.1:*,reject 192.168.1.0/24:*,accept *:*" would
 reject any traffic destined for localhost and any 192.168.1.* address, but
 accept anything else.
 
-To specify all internal networks (including 169.254.0.0/16,
-127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and 172.16.0.0/12), you can use
-the "private" alias instead of an address.  For example, to allow HTTP
-to 127.0.0.1 and block all other connections to internal networks, you
-can say "accept 127.0.0.1:80,reject private:*".  See RFC 3330 for more
+To specify all internal and link-local networks (including 0.0.0.0/8,
+169.254.0.0/16, 127.0.0.0/8, 192.168.0.0/16, 10.0.0.0/8, and
+172.16.0.0/12), you can use the "private" alias instead of an address.
+For example, to allow HTTP to 127.0.0.1 and block all other
+connections to internal networks, you can say "accept
+127.0.0.1:80,reject private:*".  See RFC 1918 and RFC 3330 for more
 details about internal and reserved IP address space.
 
 This directive can be specified multiple times so you don't have to put

diff --git a/src/or/config.c b/src/or/config.c
index 68da7e0af17d5758bcaa30c7da2f8c20ad23fc7c..c664026b96a807ca69b09095c8b427ef15224535 100644 (file)
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2777,6 +2777,7 @@ static int
 config_expand_exit_policy_aliases(smartlist_t *entries)
 {
   static const char *prefixes[] = {
+    "0.0.0.0/8", "169.254.0.0/16",
     "127.0.0.0/8", "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",NULL };
   int i;
   char *pre=NULL, *post=NULL;