6/8/2014
doc/ReducedExitPolicy – Tor Bug Tracker & Wiki
The Reduced Exit Policy is an alternative to the default exit policy. It allows as many Internet services as possible while still blocking the majority of TCP ports. Currently, the policy allows approximately 65 ports. This drastically reduces the odds that a bittorrent user will select your node. Since bittorrent clients can be run on any port, and most of them pick random ports, every port you add to your exit policy increases the probability of a bittorrent client using your exit node to connect to a monitored peer that is listening on that port. This means that enabling ranges of ports is especially bad, unfortunately. Each new port adds 1/65535 to your risk of getting DMCA takedowns. This policy has been produced by scanning /etc/services, and checking various port lists around the net. This list has been carefully checked to ensure that none of these ports overlap with popular default ports for bittorrent clients. If you add to this list, please check this carefully too. Also, it would be great if someone could comment each line to list the services that it allows. Here are two comprehensive port lists to check new additions against P2P, to label unknown ports below, and to search for new ports to add: https://secure.wikimedia.org/wikipedia/en/wiki/List_of_TCP_and_UDP_port_numbers http://www.speedguide.net/ports.php Here is the policy: ExitPolicy accept *:20-23 ExitPolicy accept *:43 ExitPolicy accept *:53 ExitPolicy accept *:79-81 ExitPolicy accept *:88 ExitPolicy accept *:110 ExitPolicy accept *:143 ExitPolicy accept *:194 ExitPolicy accept *:220 ExitPolicy accept *:389 ExitPolicy accept *:443 ExitPolicy accept *:464 ExitPolicy accept *:531 ExitPolicy accept *:543-544 ExitPolicy accept *:554 ExitPolicy accept *:563 ExitPolicy accept *:636 ExitPolicy accept *:706 ExitPolicy accept *:749 https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
# FTP, SSH, telnet # WHOIS # DNS # finger, HTTP # kerberos # POP3 # IMAP # IRC # IMAP3 # LDAP # HTTPS # kpasswd # IRC/AIM # Kerberos # RTSP # NNTP over SSL # LDAP over SSL # SILC # kerberos 1/3