reconsidering default exit policy

Arrakis Tor arrakistor at gmail.com
Sun Aug 28 15:49:57 UTC 2005


I have brought the exitpolicy list up to date to follow with the 
conversations, if you want to be moderately restrictive.
Of course this isn't blocking the kazaa, azureus etc data from entering the 
network and slowing us down, only passing the buck. Is there a more 
effective way to keep unwanted data from entering the network at all?

ExitPolicy reject 0.0.0.0/255.0.0.0:*
ExitPolicy reject 127.0.0.0/255.0.0.0:*
ExitPolicy reject 10.0.0.0/255.0.0.0:*
ExitPolicy reject 172.16.0.0/255.240.0.0:*
ExitPolicy reject 192.168.0.0/255.255.0.0:*
ExitPolicy reject 169.254.0.0/255.255.0.0:*

# reject ports officially used for protocols that were never meant to be
# anonymous (e.g. email, usenet) because of the spam risk, thus reducing
# our worry that the world would associate Tor with pro-spam advocacy.

ExitPolicy reject *:25
ExitPolicy reject *:119

# reject ports officially used for poorly-designed protocols that are
# always attacked by script kiddies.

ExitPolicy reject *:135-139
ExitPolicy reject *:445

# reject ports commonly used by widely-adopted P2P filesharing programs.
# Tor does not take a stand on the ethics or legality of P2P
# filesharing, either in theory or in practice. We have simply observed
# that encouraging P2P filesharing presently makes our network less
# useful to those for whom Tor was designed.

ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6881-6999

# Block IRC
ExitPolicy reject *:6667-6669

# RFC 1918: IANA Private Use
ExitPolicy reject 10.0.0.0/8

# Link Local
ExitPolicy reject 169.254.0.0/16

# Test Net
ExitPolicy reject 192.0.2.0/24

# RFC 3068: 6to4 anycast
ExitPolicy reject 192.88.99.0/24

# Private Use
ExitPolicy reject 192.168.0.0/16
ExitPolicy reject 10.0.0.0/8
ExitPolicy reject 169.254.0.0/16
ExitPolicy reject 172.16.0.0/12
ExitPolicy reject 192.0.2.0/24
ExitPolicy reject 192.88.99.0/24
ExitPolicy reject 192.168.0.0/16

# Reserved for benchmarks
ExitPolicy reject 198.18.0.0/15

#Multicast
ExitPolicy reject 224.0.0.0/4

ExitPolicy accept *:*


Steve
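
Added example, not part of the original post and not Tor's own code: a small checker that evaluates a policy like the one above with first-match-wins semantics and flags later rules that an earlier rule already covers. The function names and the IPv4-only handling of `*` are assumptions of this sketch; the sample is a constructed excerpt of the posted list.

```python
import ipaddress

# Constructed excerpt of the policy posted above.
SAMPLE_POLICY = """\
ExitPolicy reject 10.0.0.0/255.0.0.0:*
ExitPolicy reject 192.168.0.0/255.255.0.0:*
ExitPolicy reject *:25
ExitPolicy reject *:135-139
ExitPolicy reject *:6881-6999
ExitPolicy reject 10.0.0.0/8
ExitPolicy reject 192.0.2.0/24
ExitPolicy reject 192.168.0.0/16
ExitPolicy accept *:*
"""

def parse_rule(line):
    """Parse 'ExitPolicy accept|reject ADDR[/MASK][:PORT]' (IPv4 only)."""
    _, action, pattern = line.split()
    addr, _, ports = pattern.partition(":")
    # Assumption: '*' is treated as all of IPv4; dotted masks and /N both parse.
    net = ipaddress.ip_network("0.0.0.0/0" if addr == "*" else addr)
    if ports in ("", "*"):              # an omitted port means every port
        lo, hi = 1, 65535
    else:
        lo, _, hi = ports.partition("-")
        lo, hi = int(lo), int(hi or lo)
    return action, net, lo, hi

def parse_policy(text):
    return [parse_rule(l) for l in text.splitlines()
            if l.strip().startswith("ExitPolicy")]

def decide(rules, ip, port):
    """Return the action of the first matching rule, or None if none match."""
    ip = ipaddress.ip_address(ip)
    for action, net, lo, hi in rules:
        if ip in net and lo <= port <= hi:
            return action
    return None

def shadowed(rules):
    """(later, earlier) index pairs where one earlier rule fully covers a later one."""
    out = []
    for j, (_, net_j, lo_j, hi_j) in enumerate(rules):
        for i, (_, net_i, lo_i, hi_i) in enumerate(rules[:j]):
            if net_j.subnet_of(net_i) and lo_i <= lo_j and hi_j <= hi_i:
                out.append((j, i))
                break
    return out
```

On the sample, `shadowed()` reports the CIDR-form `10.0.0.0/8` and `192.168.0.0/16` lines as already covered by the netmask-form rules at the top of the list.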