[tor-relays] Extreme Exit Policy

Roger Dingledine arma at mit.edu
Mon Dec 17 21:47:51 UTC 2018


On Mon, Dec 17, 2018 at 09:34:49PM +0000, John Ricketts wrote:
> I am considering only allowing ports 53, 80, and 443 only. Discussion?  

Thought #1: TCP port 53 isn't much used, so it would be a weird port to
choose if you've narrowed it down to three. (Some people think that they
need 53 open in order for their relay to do DNS resolves for exiting
circuits, but that is not so: Tor does the resolves itself, so they
don't count as 'exit' requests.) So if your goal is to reduce things as
much as possible, don't be shy about removing 53 too.

Thought #2: if too many fast exits remove other ports from their exit
policies, then Tor gets slower for reaching those other ports. Also
there is a complex relationship with anonymity, in the sense that fewer
possible exit points mean less entropy in terms of where your stream
might have exited.

Thought #3: if you need to pare down your exit policy in order to keep
being an exit relay, then you totally should. That's what exit policies
are for after all.

Hope that helps!
--Roger
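
Added example, not part of the original message: a small Python sketch of the effect described in Thought #2, comparing exit count, available bandwidth and entropy for one port before and after two fast exits narrow their policy. The relay list and bandwidth values are constructed, the parser handles only `accept`/`reject *:PORT` rules, and choosing exits in proportion to bandwidth is a simplifying assumption.

```python
import math

def parse_policy(text):
    """Parse a port-only ExitPolicy string into (allow, low, high) rules."""
    rules = []
    for item in text.split(","):
        action, target = item.split()
        addr, _, port = target.partition(":")
        if action not in ("accept", "reject") or addr != "*":
            raise ValueError("sketch handles only accept/reject *:PORT")
        if port == "*":
            low, high = 1, 65535
        elif "-" in port:
            low, high = (int(p) for p in port.split("-"))
        else:
            low = high = int(port)
        rules.append((action == "accept", low, high))
    return rules

def allows(rules, port):
    """First matching rule wins; no match is treated as reject here."""
    for allow, low, high in rules:
        if low <= port <= high:
            return allow
    return False

def exit_stats(relays, port):
    """Return (exit count, total bandwidth, entropy in bits) for one port.

    Assumes exits are chosen in proportion to bandwidth, a simplification.
    """
    weights = [bw for policy, bw in relays if allows(parse_policy(policy), port)]
    total = sum(weights)
    if total == 0:
        return 0, 0, 0.0
    entropy = -sum(w / total * math.log2(w / total) for w in weights)
    return len(weights), total, entropy

# Constructed sample data: (ExitPolicy, bandwidth in arbitrary units).
BROAD = "accept *:22, accept *:80, accept *:443, reject *:*"
REDUCED = "accept *:80, accept *:443, reject *:*"
BEFORE = [(BROAD, 400), (BROAD, 400), (BROAD, 100), (BROAD, 100)]
AFTER = [(REDUCED, 400), (REDUCED, 400), (BROAD, 100), (BROAD, 100)]

if __name__ == "__main__":
    for port in (22, 443):
        print(port, exit_stats(BEFORE, port), exit_stats(AFTER, port))
```

In this constructed network, port 443 is unaffected, while port 22 drops from four exits to two, from 1000 to 200 units of bandwidth, and from about 1.72 to 1.0 bits of entropy.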