It's probably for the best. The implementation of upnp and nat-pmp is frequently done incorrectly. Many implementations simply break the fw security or leak identifying information by enabling the feature. I once saw a case which opened port 0 everytime upnp was used. Not closed, or stealth, but open. Encouraging running a relay is all good, but doing it and not being able to account for implementations which introduce security problems is risky.
--leeroy
On 7/23/2015 at 2:26 PM, "Jacob Appelbaum" wrote:>> Also - does this mean that after many many years... that this new
version of tor-fw-helper be enabled by default at build time?
Pretty
please? :-)
Unlikely, AFAIK the general plan was to have it as a separate
package.
That is really a major bummer if so - we should be shipping this code and enabling it by default. If a user wants to run a relay, they should only have to express that intent with a single button.
All the best, Jake