exit policy

Andrew tor at kleinhirn.org
Mon Feb 18 09:39:26 UTC 2008


NavouWiki wrote:
> I would like to set an exit policy, but at the same time, I would like 
> to be safe.  I want my cake and eat it too.  Is there a suggested safe 
> exit policy?  As far as websites go, what is preferred is the ability 
> to read websites, but not write, such as would be done on hotmail.  
> Secured protocols are preferred also, so there is end to end encryption.
>
> Any suggestions?
>
>
There is to my knowledge no filter able to prevent a user from "writing" 
to websites, since that can be done by the same methods (POST, GET) that 
are required to view the website.
As for end-to-end encryption, you could allow exit only to ports that 
are commonly used by encrypted protocols (like 443 for HTTPS, 465 for 
SMTPS, 993 for IMAPS... browse Wikipedia to continue that list to your 
satisfaction).
Hence, your exit policy would look like
ExitPolicy accept *:443
ExitPolicy accept *:465
# [any other ports denoted in the same way]
ExitPolicy reject *:*
# [reject all other connections. this is important, otherwise 
# tor falls back to the default exit policy, which is not what you want]

Read the manpage for more on tor exit policies: 
http://www.torproject.org/tor-manual.html.en

Please note that there is no guarantee for any of these ports not being 
used by a totally different protocol. You can configure your binds as 
you wish, so one could easily bind other services to, say, port 443 (as a 
number of tor nodes do to allow access for those behind restrictive 
firewalls).

Hope this helps
Andrew
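
Added example, not part of the original post or of tor itself: a small first-match evaluator for port-only exit policy rules, showing which ports stay open when the final reject *:* is left out. DEFAULT_TAIL is an abbreviated stand-in (an assumption) for tor's built-in default policy, and the function names and probe ports are constructed for illustration.

```python
# First-match evaluation of wildcard-address exit policy rules.
# tor appends its default policy after the configured rules; a trailing
# catch-all rule makes that appended part unreachable.

# Abbreviated stand-in (assumption): the real default rejects a longer
# list of ports before accepting everything else. See the tor manual.
DEFAULT_TAIL = ["reject *:25", "accept *:*"]

def parse_rule(line):
    """Parse 'accept *:443' or 'reject *:6881-6999' into (action, lo, hi)."""
    action, target = line.split()
    if action not in ("accept", "reject"):
        raise ValueError(f"unknown action: {action}")
    addr, _, ports = target.rpartition(":")
    if addr != "*":
        raise ValueError("this sketch handles only wildcard addresses")
    if ports == "*":
        return action, 1, 65535
    lo, _, hi = ports.partition("-")
    lo = int(lo)
    hi = int(hi) if hi else lo
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {ports}")
    return action, lo, hi

def allows(lines, port):
    """Return True if the first matching rule for this port is 'accept'."""
    for action, lo, hi in map(parse_rule, list(lines) + DEFAULT_TAIL):
        if lo <= port <= hi:
            return action == "accept"
    return False

def open_ports(lines, candidates):
    """List the candidate ports the effective policy lets through."""
    return [p for p in candidates if allows(lines, p)]

# Constructed sample policies: the one from the post, with and without
# the closing catch-all.
WITH_REJECT = ["accept *:443", "accept *:465", "accept *:993", "reject *:*"]
WITHOUT_REJECT = WITH_REJECT[:-1]
PROBE = [25, 80, 443, 465, 993, 6667]  # constructed probe list

if __name__ == "__main__":
    print("with reject *:*   :", open_ports(WITH_REJECT, PROBE))
    print("without reject *:*:", open_ports(WITHOUT_REJECT, PROBE))
```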


