
Re: exit policy



NavouWiki wrote:
I would like to set an exit policy, but at the same time, I would like to be safe. I want my cake and eat it too. Is there a suggested safe exit policy? As far as websites go, what is preferred is the ability to read websites, but not write, such as would be done on Hotmail. Secured protocols are preferred also, so there is end-to-end encryption.

Any suggestions?


There is, to my knowledge, no filter able to prevent a user from "writing" to websites, since that can be done by the same methods (POST, GET) that are required to view the website. As for end-to-end encryption, you could allow exit only to ports that are commonly used by encrypted protocols (like 443 for HTTPS, 465 for SMTPS, 993 for IMAPS... browse Wikipedia to continue that list to your satisfaction).
Hence, your exit policy would look like
ExitPolicy accept *:443
ExitPolicy accept *:465
# [any other ports denoted in the same way]
# Reject all other connections. This is important, otherwise tor falls back
# to the default exit policy, which is not what you want.
ExitPolicy reject *:*

Read the manpage for more on tor exit policies: http://www.torproject.org/tor-manual.html.en

Please note that there is no guarantee for any of these ports not being used by a totally different protocol. You can configure your binds as you wish, so one could easily bind other services to, say, port 443 (as a number of Tor nodes do to allow access for those behind restrictive firewalls).

Hope this helps
Andrew
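
A way to check a torrc against the advice in this message before starting the relay. This is an added example, not part of Andrew's message or the Tor project's code: it flags accept rules for ports outside an allowlist and a policy that lacks the closing `reject *:*`. The function names, the allowlist and the sample policies are assumptions of this example, and only `accept`/`reject` rules are handled (not `accept6`/`reject6`).

```python
import re

# Assumed allowlist: the encrypted-protocol ports named in the message.
ENCRYPTED_PORTS = {443, 465, 993}

def parse_rules(torrc_text):
    """Return (action, address, port_spec) tuples from ExitPolicy lines, in order."""
    rules = []
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()            # drop comments
        m = re.match(r"(?i)ExitPolicy\s+(.+)", line)
        if not m:
            continue
        for item in m.group(1).split(","):              # one line may hold several rules
            parts = item.split()
            if len(parts) != 2 or parts[0].lower() not in ("accept", "reject"):
                continue
            addr, sep, port = parts[1].rpartition(":")
            if not sep:                                  # no port given means all ports
                addr, port = parts[1], "*"
            rules.append((parts[0].lower(), addr, port))
    return rules

def port_set(spec):
    """Expand '443' or '6660-6670' to a set of ints; None stands for '*'."""
    if spec == "*":
        return None
    lo, _, hi = spec.partition("-")
    return set(range(int(lo), int(hi or lo) + 1))

def audit(torrc_text, allowed=ENCRYPTED_PORTS):
    """Return a list of findings; an empty list means the policy matches the advice."""
    findings, closed = [], False
    for action, addr, port in parse_rules(torrc_text):
        if addr == "*" and port == "*":                  # catch-all: later rules never match
            closed = True
            if action == "accept":
                findings.append("accept *:* opens every port")
            break
        if action == "accept":
            ports = port_set(port)
            extra = ["all"] if ports is None else sorted(ports - allowed)
            if extra:
                findings.append(f"accept {addr}:{port} allows ports outside the allowlist: {extra}")
    if not closed:
        findings.append("no final 'reject *:*': the default exit policy still applies")
    return findings

if __name__ == "__main__":
    # Constructed sample: one unlisted port and no closing catch-all.
    for finding in audit("ExitPolicy accept *:443,accept *:80\n"):
        print(finding)
```
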