[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] "Very Safe" Exit Policy



Hi list,

I was looking for suggestions/discussion on very conservative policies
for an exit relay. I run a relay now that is "reject *:*" and I wanted
to open up a few exit ports. I don't want to open up major ports due to
potential abuse issues. My server host states that, although they do
allow Tor, there is a chance of the relay being terminated at their will
[1].

I was considering using a whitelist exit policy and opening up only the
following ports to be "safe":
43 - WHOIS protocol
53 - DNS
389 - LDAP
464,543,544,749 - Kerberos
531 - AOL IM
636 - LDAP over SSL
706 - SLIC
873 - rsync
5190 - ICQ and AOL Instant Messenger
5222,5223,5269,5280,5281,5298 - XMPP
5353 - Multicast DNS
5999 - CVSup
8332,8333 - Bitcoin
9091 -Transmission (BitTorrent client) Web Interface
11371 - OpenPGP key server
64738 - Mumble/Murmur

I constructed the list based on a quick skimming of the WP ports list
[2]. I suspect allowing IRC would eventually be grounds for my host to
terminate my relay.

This would be my first time running an exit relay and I'd be happy to
hear advice and suggestions!

Thanks,
Steve


[1]
https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#OVH
[2] https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Attachment: pgpHwV4sicL02.pgp
Description: OpenPGP digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays