[tor-relays] "Very Safe" Exit Policy

Stephen R Guglielmo srguglielmo at gmail.com
Tue Feb 10 22:57:32 UTC 2015


Hi list,

I was looking for suggestions/discussion on very conservative policies
for an exit relay. I run a relay now that is "reject *:*" and I wanted
to open up a few exit ports. I don't want to open up major ports due to
potential abuse issues. My server host states that, although they do
allow Tor, there is a chance of the relay being terminated at their will
[1].

I was considering using a whitelist exit policy and opening up only the
following ports to be "safe":
43 - WHOIS protocol
53 - DNS
389 - LDAP
464,543,544,749 - Kerberos
531 - AOL IM
636 - LDAP over SSL
706 - SLIC
873 - rsync
5190 - ICQ and AOL Instant Messenger
5222,5223,5269,5280,5281,5298 - XMPP
5353 - Multicast DNS
5999 - CVSup
8332,8333 - Bitcoin
9091 - Transmission (BitTorrent client) Web Interface
11371 - OpenPGP key server
64738 - Mumble/Murmur

I constructed the list based on a quick skimming of the WP ports list
[2]. I suspect allowing IRC would eventually be grounds for my host to
terminate my relay.

This would be my first time running an exit relay and I'd be happy to
hear advice and suggestions!

Thanks,
Steve


[1] https://trac.torproject.org/projects/tor/wiki/doc/ISPCorrespondence#OVH
[2] https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers
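
The whitelist approach described in the post above, as an added example that is not part of the original message and is not Tor project code: a Python script that turns the listed ports into torrc ExitPolicy lines ending in "reject *:*" and checks a port against them with first-match semantics. The function names and the simplified rule parser are assumptions made for this illustration; the service labels are abbreviated from the post.

```python
import re

# Ports copied from the list in the post above (labels abbreviated).
WHITELIST = {
    "WHOIS": [43], "DNS": [53], "LDAP": [389], "Kerberos": [464, 543, 544, 749],
    "AOL IM": [531], "LDAP over SSL": [636], "SLIC": [706], "rsync": [873],
    "ICQ/AIM": [5190], "XMPP": [5222, 5223, 5269, 5280, 5281, 5298],
    "Multicast DNS": [5353], "CVSup": [5999], "Bitcoin": [8332, 8333],
    "Transmission web UI": [9091], "OpenPGP key server": [11371],
    "Mumble/Murmur": [64738],
}

def collapse(ports):
    """Merge consecutive ports into (low, high) ranges, e.g. 543,544 -> (543, 544)."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1][1] = p
        else:
            ranges.append([p, p])
    return [tuple(r) for r in ranges]

def build_exit_policy(whitelist):
    """Emit torrc ExitPolicy lines: accept rules first, catch-all reject last."""
    all_ports = [p for ports in whitelist.values() for p in ports]
    lines = []
    for lo, hi in collapse(all_ports):
        spec = str(lo) if lo == hi else f"{lo}-{hi}"
        lines.append(f"ExitPolicy accept *:{spec}")
    lines.append("ExitPolicy reject *:*")  # anything not whitelisted is refused
    return lines

# Simplified parser (assumption): handles only the "*:PORT" forms emitted above.
RULE = re.compile(r"^ExitPolicy (accept|reject) \*:(\*|\d+)(?:-(\d+))?$")

def allows(policy_lines, port):
    """First matching rule wins, which is how Tor evaluates an exit policy."""
    for line in policy_lines:
        action, lo, hi = RULE.match(line).groups()
        if lo == "*" or int(lo) <= port <= int(hi or lo):
            return action == "accept"
    return False  # unreachable here: the generated policy ends in reject *:*

if __name__ == "__main__":
    print("\n".join(build_exit_policy(WHITELIST)))
```

Running the script prints the lines to paste into torrc; allows() can be used to confirm that a port outside the list, such as 80 or 6667, falls through to the final reject rule.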