reconsidering default exit policy

[Geoffrey Goodell]

Choosing an appropriate default exit policy is vital to Tor, since
roughly 60% of Tor exit nodes use the default exit policy, unmodified,
and most of those who modify the exit policy probably do not rewrite from
scratch, but simply prepend new lines to the default policy.

The current default policy can be viewed in the "SERVER OPTIONS" section
of the Tor manual, under "ExitPolicy":

http://tor.eff.org/tor-manual.html

Note that this policy rejects everything under 1024 by default, with a
few specific exceptions, chosen very conservatively.  I propose that we
configure our default exit policy to match how we have been describing
our exit policy all along anyway: "accept most things; reject a few
ports most likely to lead to spam, Internet abuse, or misuse of Tor
network resources."

This in mind, here is my proposal:

# reject private networks (no surprises!)  My understanding is that you
# might want to eliminate the 127.0.0.0/8 line if your kernel
# short-circuits connections to local services and if you want those
# services to be available to Tor users who happen to choose your Tor
# node as an exit... someone please correct me if this is wrong.

ExitPolicy reject 0.0.0.0/255.0.0.0:*
ExitPolicy reject 127.0.0.0/255.0.0.0:*
ExitPolicy reject 10.0.0.0/255.0.0.0:*
ExitPolicy reject 172.16.0.0/255.240.0.0:*
ExitPolicy reject 192.168.0.0/255.255.0.0:*
ExitPolicy reject 169.254.0.0/255.255.0.0:*

# reject ports officially used for protocols that were never meant to be
# anonymous (e.g. email, usenet) because of the spam risk, thus reducing
# our worry that the world would associate Tor with pro-spam advocacy.

ExitPolicy reject *:25
ExitPolicy reject *:119

# reject ports officially used for poorly-designed protocols that are
# always attacked by script kiddies.

ExitPolicy reject *:135-139
ExitPolicy reject *:445

# reject ports commonly used by widely-adopted P2P filesharing programs.
# Tor does not take a stand on the ethics or legality of P2P
# filesharing, either in theory or in practice.  We have simply observed
# that encouraging P2P filesharing presently makes our network less
# useful to those for whom Tor was designed.

ExitPolicy reject *:1214
ExitPolicy reject *:4661-4666
ExitPolicy reject *:6346-6429
ExitPolicy reject *:6881-6999

# accept EVERYTHING else.  Tor should be open by default: that is our
# attitude; our formal policy statement should reflect that attitude.

ExitPolicy accept *:*

----------

What do people think?

Geoff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20050310/8724a211/attachment.pgp>