On Mon, Dec 17, 2018 at 09:34:49PM +0000, John Ricketts wrote:
> I am considering only allowing ports 53, 80, and 443. Discussion?
Thought #1: tcp port 53 isn't much used, so it would be a weird port to choose if you've narrowed it down to three. (Some people think that they need 53 open in order for their relay to do dns resolves for exiting circuits, but that is not so: Tor does the resolves itself, so they don't count as 'exit' requests.) So if your goal is to reduce things as much as possible, don't be shy about removing 53 too.
Thought #2: if too many fast exits remove other ports from their exit policies, then Tor gets slower for reaching those other ports. Also there is a complex relationship with anonymity, in the sense that fewer possible exit points mean less entropy in terms of where your stream might have exited.
Thought #3: if you need to pare down your exit policy in order to keep being an exit relay, then you totally should. That's what exit policies are for after all.
Hope that helps! --Roger
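To make the exit-policy discussion above concrete, here is an added example (not code from the thread or from Tor itself) that re-implements Tor's first-match ExitPolicy semantics for `accept`/`reject ADDR[/MASK]:PORT[-PORT]` lines and evaluates the pared-down policy John is considering; the policy lines, destination address and the "reject when nothing matches" fallback are assumptions made for the illustration.

```python
"""Evaluate a Tor-style ExitPolicy against stream requests (added example).

Mirrors Tor's first-match rule: rules are consulted in order and the first
rule whose address and port patterns both match decides the outcome.
This is a simplified stand-alone re-implementation, not Tor's own code.
DNS resolves are NOT checked here: as noted in the thread, Tor performs
resolves itself, so they never pass through the exit policy at all.
"""
import ipaddress


def parse_policy(lines):
    """Parse 'ExitPolicy accept|reject ADDR[/MASK]:PORT[-PORT]' torrc lines."""
    rules = []
    for line in lines:
        parts = line.split()
        if not parts or parts[0] != "ExitPolicy":
            continue  # skip blank lines and unrelated torrc options
        action, pattern = parts[1], parts[2]
        addr, port = pattern.rsplit(":", 1)
        net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
        if port == "*":
            lo, hi = 1, 65535
        elif "-" in port:
            lo, hi = (int(p) for p in port.split("-"))
        else:
            lo = hi = int(port)
        rules.append((action == "accept", net, lo, hi))
    return rules


def exit_allowed(rules, dest_ip, dest_port):
    """Return True if the first matching rule accepts the stream."""
    ip = ipaddress.ip_address(dest_ip)
    for accept, net, lo, hi in rules:
        if net is not None and ip not in net:
            continue
        if not lo <= dest_port <= hi:
            continue
        return accept
    # Assumption for this example: a policy ends with a catch-all rule, so an
    # unmatched request is treated as rejected rather than consulting Tor's
    # built-in default policy.
    return False


# Constructed policy reflecting the "80 and 443 only" variant from the thread.
RESTRICTED_POLICY = [
    "ExitPolicy accept *:80",
    "ExitPolicy accept *:443",
    "ExitPolicy reject *:*",
]


def check_ports(policy_lines, ports, dest_ip="203.0.113.10"):
    """Map each destination port to whether this exit would carry the stream."""
    rules = parse_policy(policy_lines)
    return {p: exit_allowed(rules, dest_ip, p) for p in ports}


if __name__ == "__main__":
    print(check_ports(RESTRICTED_POLICY, [22, 53, 80, 443]))
```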