[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] "Very Safe" Exit Policy



This is a good place to start:

    https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy


On Tuesday, February 10, 2015 5:57pm, "Stephen R Guglielmo" <srguglielmo@xxxxxxxxx> said:

> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
> Hi list,
> 
> I was looking for suggestions/discussion on very conservative policies
> for an exit relay. I run a relay now that is "reject *:*" and I wanted
> to open up a few exit ports. I don't want to open up major ports due to
> potential abuse issues. My server host states that, although they do
> allow Tor, there is a chance of the relay being terminated at their will
> [1].
> 
> I was considering using a whitelist exit policy and opening up only the
> following ports to be "safe":
> 43 - WHOIS protocol
> 53 - DNS
> 389 - LDAP
> 464,543,544,749 - Kerberos
> 531 - AOL IM
> 636 - LDAP over SSL
> 706 - SLIC
> 873 - rsync
> 5190 - ICQ and AOL Instant Messenger
> 5222,5223,5269,5280,5281,5298 - XMPP
> 5353 - Multicast DNS
> 5999 - CVSup
> 8332,8333 - Bitcoin
> 9091 -Transmission (BitTorrent client) Web Interface
> 11371 - OpenPGP key server
> 64738 - Mumble/Murmur
> 
> I constructed the list based on a quick skimming of the WP ports list
> [2]. I suspect allowing IRC would eventually be grounds for my host to
> terminate my relay.
> 
> This would be my first time running an exit relay and I'd be happy to
> hear advice and suggestions!
> 
> Thanks,
> Steve
> 
> 
> [1]
> https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#OVH
> [2] https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
> 


_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays