On Thu, Mar 28, 2019 at 08:43:34PM +0300, Dmitrii Tcvetkov wrote:
> Since your bridge is private, the bridge authority is none of your concern. In that case you need the ORPort reachable only if you have bridge clients which use the bridge without pluggable transports.
Yes, this advice is correct. Feel free to firewall off your ORPort from the outside.
It will make your bridge complain that it is unreachable, until somebody reaches it via one of the pluggable transports, which will satisfy it and it should stop complaining. You can also simplify that step by setting "AssumeReachable 1" in your torrc file.
Longer term, we want to address the design issue in this ticket: https://bugs.torproject.org/7349 and see e.g. https://bugs.torproject.org/7349#comment:22 but so far we keep finding other things to do more urgently.
--Roger