In privacy mode, only explicitly allowed TCP/UDP connections should happen

[itamarst]

If Tahoe is configured in private IP mode (Tor, I2P, or some future mode) there is the possibility of random parts not respecting this. E.g. HTTP storage protocol had this issue until #4029.

One solution is to have the core networking APIs, i.e. the reactor, setup such that connections are only allowed to the entry point to Tor/I2P, and all other connections fail. If e.g. the introducer was switched to a HTTP protocol, and it had the same flaw as the HTTP storage protocol of not respecting Tor, this enforcement would cause it to fail to work, rather than silently violating privacy guarantees.