... | ... | @@ -17,7 +17,7 @@ You may also want to block services which you need to access from the node and b |
|
|
|
|
|
Here is the policy: (If you're running an IPv6 exit, this policy applies to both IPv4 and IPv6.)
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:20-21 # FTP
|
|
|
ExitPolicy accept *:22 # SSH
|
|
|
ExitPolicy accept *:23 # Telnet
|
... | ... | @@ -98,18 +98,18 @@ ExitPolicy accept *:19638 # Ensim control panel |
|
|
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
|
|
|
ExitPolicy accept *:64738 # Mumble
|
|
|
ExitPolicy reject *:*
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
|
|
|
Herewith, an alternative Reduced-Reduced ExitPolicy to avoid Tor DNSBL and prevent some common outgoing port scanning / 'attack' ABUSE issues.
|
|
|
|
|
|
Reject Ports (Optional Advisory): 22, 23, 194, 465, 563, 587, 994, 3128, 3389, 6660-6669, 6679, 6697, 8000, 8080 and 9999
|
|
|
|
|
|
It should be noted that to avoid Tor DNSBL an exit nodes ORPort and/or DirPort must not use the 'default' ports 9001 or 9030. ''If your computer isn't running a webserver, and you haven't set AccountingMax, please consider changing your ORPort to 443 and/or your DirPort to 80.''
|
|
|
It should be noted that to avoid Tor DNSBL an exit nodes ORPort and/or DirPort must not use the 'default' ports 9001 or 9030. _If your computer isn't running a webserver, and you haven't set AccountingMax, please consider changing your ORPort to 443 and/or your DirPort to 80._
|
|
|
|
|
|
Tor DNSBL = ''Every IP which is known to run a tor server and allow their clients to connect to one of the following ports get listed: 25, 194, 465, 587, 994, 6657, 6660-6670, 6697, 7000-7005, 7070, 8000-8004, 9000, 9001, 9998, 9999'' . (source) - mxtoolbox.com/problem/blacklist/sectoor
|
|
|
Tor DNSBL = _Every IP which is known to run a tor server and allow their clients to connect to one of the following ports get listed: 25, 194, 465, 587, 994, 6657, 6660-6670, 6697, 7000-7005, 7070, 8000-8004, 9000, 9001, 9998, 9999_ . (source) - mxtoolbox.com/problem/blacklist/sectoor
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:20-21 # FTP - File Transfer Protocol (data / control)
|
|
|
#ExitPolicy accept *:22 # SSH - Secure Shell, secure logins, file transfer (potential ABUSE - common port scan attacks map.norsecorp.com)
|
|
|
#ExitPolicy accept *:23 # Telnet - protocol-unencrypted text communications (potential ABUSE - common port scan attacks map.norsecorp.com)
|
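Review bot: The "Reject Ports" advisory line and the quoted Tor DNSBL port list in this hunk do not match: the DNSBL list names 25, 6657, 6670, 7000-7005, 7070, 8001-8004, 9000, 9001 and 9998, none of which appear in the Reject Ports line. Because the policy ends in `ExitPolicy reject *:*`, only the accepted ports matter, so the text should state whether any DNSBL-listed port is accepted by the block that follows instead of leaving the reader to compare two different lists. While these sentences are being re-marked-up, "an exit nodes ORPort" should read "an exit node's ORPort".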
... | ... | @@ -189,7 +189,7 @@ ExitPolicy accept *:19638 # Ensim control panel |
|
|
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
|
|
|
ExitPolicy accept *:64738 # Mumble - voice over IP
|
|
|
ExitPolicy reject *:*
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
In a test of the above Reduced-Reduced ExitPolicy, a new Tor Exit node running with the main (original) ReducedExitPolicy was listed in a Tor DNSBL within 24 hours of achieving an Exit Relay flag status.
|
|
|
|
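Review bot: The sentence after the closing fence is introduced as a test of the Reduced-Reduced ExitPolicy but reports only that a node on the main (original) ReducedExitPolicy was listed within 24 hours; it never says what happened to a node running the Reduced-Reduced policy. Suggest adding that result, or rewording the opening so it does not claim to be a test of the policy above.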
... | ... | @@ -203,7 +203,7 @@ Avoids common 'abuse' ports and limits port numbers above 1024 |
|
|
|
|
|
Enables useful ports for the majority of Tor users without Exit traffic related to; Remote Administration, Streaming services (high-bandwidth) and/or 'commercial' applications.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:20-21 # FTP
|
|
|
ExitPolicy accept *:43 # WHOIS
|
|
|
ExitPolicy accept *:53 # DNS
|
... | ... | @@ -228,20 +228,20 @@ ExitPolicy accept *:9418 # git |
|
|
ExitPolicy accept *:11371 # OpenPGP hkp
|
|
|
ExitPolicy accept *:64738 # Mumble
|
|
|
ExitPolicy reject *:*
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
A basic Exit policy Example for Web Browsing (''only'') - help Tor Browser Bundle users !
|
|
|
A basic Exit policy Example for Web Browsing (_only_) - help Tor Browser Bundle users !
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:53 # DNS
|
|
|
ExitPolicy accept *:80 # HTTP
|
|
|
ExitPolicy accept *:443 # HTTPS
|
|
|
ExitPolicy reject *:*
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
''Alpha'' test - IoT (Internet of Things) Port Recommendations / Additions
|
|
|
_Alpha_ test - IoT (Internet of Things) Port Recommendations / Additions
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:81 # HTTP Alt
|
|
|
ExitPolicy accept *:83 # MIT ML Device
|
|
|
ExitPolicy accept *:85 # MIT ML Device
|
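Review bot: The heading converted here says Web Browsing (_only_), yet the block under it begins with `ExitPolicy accept *:53 # DNS` ahead of ports 80 and 443. Either drop that line or add a sentence saying why port 53 belongs in a browsing-only policy, so the description and the policy agree.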
... | ... | @@ -259,11 +259,11 @@ ExitPolicy accept *:6880 # Dwyco Video Conferencing |
|
|
ExitPolicy accept *:8502 # FTN Message Transfer Protocol (IANA official)
|
|
|
ExitPolicy accept *:8601 # Wavestore CCTV protocol
|
|
|
ExitPolicy accept *:8602 # XBConnect, Wavestore Notification protocol
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
An EXAMPLE IoT Reduced-Exit Policy - Note : High-Bandwidth use with heavy-streaming / big-data services.
|
|
|
|
|
|
{{{
|
|
|
```
|
|
|
ExitPolicy accept *:20-21 # FTP
|
|
|
#ExitPolicy accept *:22 # SSH (potential ABUSE - common port scan attacks map.norsecorp.com)
|
|
|
#ExitPolicy accept *:23 # Telnet (potential ABUSE - common port scan attacks map.norsecorp.com)
|
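Review bot: The IoT additions block closed in this hunk ends at `ExitPolicy accept *:8602` with no final `ExitPolicy reject *:*`, unlike the other blocks shown in this diff. Suggest a line before the fence saying these are accept lines to merge into a full policy above its closing reject, so nobody pastes the block as a complete ExitPolicy.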
... | ... | @@ -359,7 +359,7 @@ ExitPolicy accept *:19638 # Ensim control panel |
|
|
ExitPolicy accept *:50002 # Electrum Bitcoin SSL
|
|
|
ExitPolicy accept *:64738 # Mumble - voice over IP
|
|
|
ExitPolicy reject *:*
|
|
|
}}}
|
|
|
```
|
|
|
|
|
|
----
|
|
|
|
... | ... | |