6/8/2014
doc/ReducedExitPolicy – Tor Bug Tracker & Wiki
The Reduced Exit Policy is an alternative to the default exit policy. It allows as many Internet services as possible while still blocking the majority of TCP ports. Currently, the policy allows approximately 65 ports. This drastically reduces the odds that a bittorrent user will select your node. Since bittorrent clients can be run on any port, and most of them pick random ports, every port you add to your exit policy increases the probability of a bittorrent client using your exit node to connect to a monitored peer that is listening on that port. This means that enabling ranges of ports is especially bad, unfortunately. Each new port adds 1/65535 to your risk of getting DMCA takedowns. This policy has been produced by scanning /etc/services, and checking various port lists around the net. This list has been carefully checked to ensure that none of these ports overlap with popular default ports for bittorrent clients. If you add to this list, please check this carefully too. Also, it would be great if someone could comment each line to list the services that it allows. Here are two comprehensive port lists to check new additions against P2P, to label unknown ports below, and to search for new ports to add: https://secure.wikimedia.org/wikipedia/en/wiki/List_of_TCP_and_UDP_port_numbers http://www.speedguide.net/ports.php Here is the policy: ExitPolicy accept *:20-23 ExitPolicy accept *:43 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:88 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:194 ExitPolicy accept *:220 ExitPolicy accept *:389 ExitPolicy accept *:443 ExitPolicy accept *:464 ExitPolicy accept *:531 ExitPolicy accept *:543-544 ExitPolicy accept *:554 ExitPolicy accept *:563 ExitPolicy accept *:636 ExitPolicy accept *:706 ExitPolicy accept *:749 https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
# FTP, SSH, telnet # WHOIS # DNS # finger, HTTP # kerberos # POP3 # IMAP # IRC # IMAP3 # LDAP # HTTPS # kpasswd # IRC/AIM # Kerberos # RTSP # NNTP over SSL # LDAP over SSL # SILC # kerberos 1/3
6/8/2014
doc/ReducedExitPolicy – Tor Bug Tracker & Wiki
ExitPolicy accept *:873 # rsync ExitPolicy accept *:902-904 # VMware ExitPolicy accept *:981 # Remote HTTPS management for firewall ExitPolicy accept *:989-995 # FTP over SSL, Netnews Administration System, telnets, IMAP over SSL, ircs, POP3 ExitPolicy accept *:1194 # OpenVPN ExitPolicy accept *:1220 # QT Server Admin ExitPolicy accept *:1293 # PKT-KRB-IPSec ExitPolicy accept *:1500 # VLSI License Manager ExitPolicy accept *:1533 # Sametime ExitPolicy accept *:1677 # GroupWise ExitPolicy accept *:1723 # PPTP ExitPolicy accept *:1755 # RTSP ExitPolicy accept *:1863 # MSNP ExitPolicy accept *:2082 # Infowave Mobility Server ExitPolicy accept *:2083 # Secure Radius Service (radsec) ExitPolicy accept *:2086-2087 # GNUnet, ELI ExitPolicy accept *:2095-2096 # NBX ExitPolicy accept *:2102-2104 # Zephyr ExitPolicy accept *:3128 # SQUID ExitPolicy accept *:3389 # MS WBT ExitPolicy accept *:3690 # SVN ExitPolicy accept *:4321 # RWHOIS ExitPolicy accept *:4643 # Virtuozzo ExitPolicy accept *:5050 # MMCC ExitPolicy accept *:5190 # ICQ ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL ExitPolicy accept *:5228 # Android Market ExitPolicy accept *:5900 # VNC ExitPolicy accept *:6660-6669 # IRC ExitPolicy accept *:6679 # IRC SSL ExitPolicy accept *:6697 # IRC SSL ExitPolicy accept *:8000 # iRDMI ExitPolicy accept *:8008 # HTTP alternate ExitPolicy accept *:8074 # Gadu-Gadu ExitPolicy accept *:8080 # HTTP Proxies ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP ExitPolicy accept *:8332-8333 # BitCoin ExitPolicy accept *:8443 # PCsync HTTPS ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE ExitPolicy accept *:9418 # git ExitPolicy accept *:9999 # distinct ExitPolicy accept *:10000 # Network Data Management Protocol ExitPolicy accept *:11371 # OpenPGP hkp (http keyserver protocol) https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
2/3
6/8/2014
doc/ReducedExitPolicy – Tor Bug Tracker & Wiki
ExitPolicy accept *:12350 ExitPolicy accept *:19294 ExitPolicy accept *:19638 ExitPolicy accept *:23456 ExitPolicy accept *:33033 ExitPolicy accept *:64738 ExitPolicy reject *:*
# Skype # Google Voice TCP # Ensim control panel # Skype # Skype # Mumble
Last modified on Sep 4, 2013 6:40:31 PM
https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
3/3