I was wondering if I have a good compromise between not allowing BitTorrent and allowing enough ports to be useful. Here's mine.
ExitPolicy accept *:119 # accept nntp as well as default exit policy
ExitPolicy accept *:22 # ssh
ExitPolicy accept *:80 # www
ExitPolicy accept *:443 # www secure
ExitPolicy accept *:110 # pop3
ExitPolicy accept *:143 # imap
ExitPolicy accept *:995 # pop3 secure
ExitPolicy accept *:6660-6669 # irc
ExitPolicy accept *:6697 # irc ssl
ExitPolicy accept *:7000-7001 # irc ssl
ExitPolicy accept *:706 # silc
ExitPolicy accept *:1863 # msn
ExitPolicy accept *:5050 # yahoo messenger
ExitPolicy accept *:5190 # various im programs
ExitPolicy accept *:5222 # various im programs
ExitPolicy accept *:5223 # various im programs
ExitPolicy accept *:8300 # im
ExitPolicy accept *:8888 # www
ExitPolicy accept *:465 # smtps (SMTP over SSL)
ExitPolicy accept *:993 # imaps (IMAP over SSL)
ExitPolicy accept *:994 # ircs (IRC over SSL)
ExitPolicy reject *:* # no exits allowed
How does this compare with this policy located here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
Should I use the official Tor reduced policy or is mine good enough to be useful while minimizing complaints?
Nate
Thus spake Nate Homier (tor@universal-mechanism.org):
> I was wondering if I have a good compromise between not allowing BitTorrent and allowing enough ports to be useful. Here's mine.
I think the better question is "Why do you think you should remove the ports you removed from the ReducedExitPolicy?"
If you can't answer that question, you should just use the ReducedExitPolicy.
> How does this compare with this policy located here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> Should I use the official Tor reduced policy or is mine good enough to be useful while minimizing complaints?
If you're already going to run an exit, it is best to be as permissive as possible. It is a bad idea to arbitrarily restrict the apps that people can use Tor for without very good reason.
After you remove bittorrent, most of the abuse mail you'll get will be due to 80 and 443 anyway. There are also technical reasons to avoid having 1000 slightly different versions of the reduced exit policy.
Hence the reduced policy allows every app port that we could find in use, *except* bittorrent.
On 04/09/2013 01:26 PM, Mike Perry wrote:
> Thus spake Nate Homier (tor@universal-mechanism.org):
> > I was wondering if I have a good compromise between not allowing BitTorrent and allowing enough ports to be useful. Here's mine.
> I think the better question is "Why do you think you should remove the ports you removed from the ReducedExitPolicy?"
> If you can't answer that question, you should just use the ReducedExitPolicy.
> > How does this compare with this policy located here: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
> > Should I use the official Tor reduced policy or is mine good enough to be useful while minimizing complaints?
> If you're already going to run an exit, it is best to be as permissive as possible. It is a bad idea to arbitrarily restrict the apps that people can use Tor for without very good reason.
> After you remove bittorrent, most of the abuse mail you'll get will be due to 80 and 443 anyway. There are also technical reasons to avoid having 1000 slightly different versions of the reduced exit policy.
> Hence the reduced policy allows every app port that we could find in use, *except* bittorrent.
Good argument. I'll just use the official reduced policy. I removed the ports in an effort to block BitTorrent, but I see your point.
Nate
tor-relays@lists.torproject.org
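The question raised in the thread, which ports a trimmed policy removes relative to a reference policy, can be answered mechanically. The following is an added example, not code from the thread or from Tor: the function names are hypothetical, CANDIDATE is only an excerpt of the policy posted above, and REFERENCE is a constructed stand-in rather than the contents of the wiki's ReducedExitPolicy. It assumes wildcard-address rules only and relies on ExitPolicy rules being evaluated in order with the first match deciding.

```python
# Added example: which ports does a reference ExitPolicy let out that a
# trimmed candidate refuses? Handles only "ExitPolicy accept|reject *:PORTS".

def parse_policy(text):
    """Return [(is_accept, low, high)] in file order."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop torrc comments
        if not line:
            continue
        keyword, action, pattern = line.split()
        if keyword != "ExitPolicy" or action not in ("accept", "reject"):
            raise ValueError(f"unsupported line: {raw!r}")
        addr, _, ports = pattern.rpartition(":")
        if addr != "*":
            raise ValueError(f"only *:PORT patterns are handled: {raw!r}")
        low, _, high = ("1-65535" if ports == "*" else ports).partition("-")
        rules.append((action == "accept", int(low), int(high or low)))
    return rules

def accepted_ports(rules):
    """Ports accepted when the first matching rule decides."""
    accepted = set()
    for port in range(1, 65536):
        for is_accept, low, high in rules:
            if low <= port <= high:
                if is_accept:
                    accepted.add(port)
                break      # first match wins; later rules are never consulted
    return accepted

def dropped_ports(reference, candidate):
    """Ports the reference policy exits to but the candidate refuses."""
    return sorted(accepted_ports(parse_policy(reference))
                  - accepted_ports(parse_policy(candidate)))

# Excerpt of the policy posted above (not the full list).
CANDIDATE = """
ExitPolicy accept *:22 # ssh
ExitPolicy accept *:80 # www
ExitPolicy accept *:443 # www secure
ExitPolicy accept *:6660-6669 # irc
ExitPolicy reject *:* # no exits allowed
"""
# Constructed stand-in for a reference policy; NOT the wiki's ReducedExitPolicy.
REFERENCE = "ExitPolicy accept *:53\nExitPolicy accept *:8080\n" + CANDIDATE

if __name__ == "__main__":
    print(dropped_ports(REFERENCE, CANDIDATE))
```

To use it on a real relay, paste the full text of both policies into the two strings; ports in the output are the ones an operator should be able to justify removing.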