A question about SocksPolicy option

I want to change the Tor configuration that only the following addresses can connect to the server:


How should I change the SocksPolicy option?

Thank you.

#SocksPolicy reject *
SocksPolicy accept
SocksPolicy accept
SocksPolicy accept

But for just browsing, you should go with your private bridge-option and using a Tor Browser [ A dedicated bridge for the Tor]

1 Like

Thank you so much for your reply.
Is the following line incorrect?

SocksPolicy accept,,

Should each IP address be on a separate line?

if you do not use a netmask - i guess so

SocksPolicy policy,policy,…

    Set an entrance policy for this server, to limit who can connect to the SocksPort and DNSPort ports. The policies have the same form as exit policies below, except that port specifiers are ignored. Any address not matched by some entry in the policy is accepted.

1 Like
  • Each element must have an accept or reject
  • If you only allow certain addresses, then use accept, accept…, and finalize with a reject * policy to deny all others.
  • If you allow all addresses except banned addresses, then use reject, reject…, and finalize with a accept * policy.
  • You can use commas instead of separate lines, but follow the above rules.

In your case, you should:

  • SocksPolicy accept, accept, accept, reject *
1 Like

Thank you so much for this great help.
I have another question. If I used the following rule and I just want to ban some IP address from the range, then what should I do?
SocksPolicy accept

Are the following lines correct?
SocksPolicy accept
SocksPolicy reject, reject

Are the above lines accepting all IPs except and

No, first accept/reject specific IP addresses, and at the end reject/accept all the others (*) or CIDR ranges they belong to.

In your case:

SocksPolicy reject, reject, accept

1 Like

Thank you so much for your great help.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.