|
@@ -1770,7 +1770,13 @@ is non-zero):
|
|
|
reject *:6346-6429
|
|
|
reject *:6699
|
|
|
reject *:6881-6999
|
|
|
- accept *:*
|
|
|
+ accept *:* +
|
|
|
+ +
|
|
|
+ If you want to use a reduced exit policy rather than the default exit
|
|
|
+ policy, set "ReducedExitPolicy 1". If you want to _replace_ the default
|
|
|
+ exit policy with your custom exit policy, end your exit policy with either
|
|
|
+ a reject *:* or an accept *:*. Otherwise, you’re _augmenting_ (prepending
|
|
|
+ to) the default or reduced exit policy.
|
|
|
|
|
|
[[ExitPolicyDefault]]::
|
|
|
Since the default exit policy uses accept/reject *, it applies to both
|
|
@@ -1794,6 +1800,99 @@ is non-zero):
|
|
|
to disclose.
|
|
|
(Default: 0)
|
|
|
|
|
|
+[[ReducedExitPolicy] **ReducedExitPolicy** **0**|**1**::
|
|
|
+ If set, use a reduced exit policy rather than the default one. +
|
|
|
+ +
|
|
|
+ The reduced exit policy is an alternative to the default exit policy. It
|
|
|
+ allows as many Internet services as possible while still blocking the
|
|
|
+ majority of TCP ports. Currently, the policy allows approximately 65 ports.
|
|
|
+ This reduces the odds that your node will be used for peer-to-peer
|
|
|
+ applications. +
|
|
|
+ +
|
|
|
+ The reduced exit policy is:
|
|
|
+
|
|
|
+ accept *:20-21
|
|
|
+ accept *:22
|
|
|
+ accept *:23
|
|
|
+ accept *:43
|
|
|
+ accept *:53
|
|
|
+ accept *:79
|
|
|
+ accept *:80-81
|
|
|
+ accept *:88
|
|
|
+ accept *:110
|
|
|
+ accept *:143
|
|
|
+ accept *:194
|
|
|
+ accept *:220
|
|
|
+ accept *:389
|
|
|
+ accept *:443
|
|
|
+ accept *:464
|
|
|
+ accept *:465
|
|
|
+ accept *:531
|
|
|
+ accept *:543-544
|
|
|
+ accept *:554
|
|
|
+ accept *:563
|
|
|
+ accept *:587
|
|
|
+ accept *:636
|
|
|
+ accept *:706
|
|
|
+ accept *:749
|
|
|
+ accept *:873
|
|
|
+ accept *:902-904
|
|
|
+ accept *:981
|
|
|
+ accept *:989-990
|
|
|
+ accept *:991
|
|
|
+ accept *:992
|
|
|
+ accept *:993
|
|
|
+ accept *:994
|
|
|
+ accept *:995
|
|
|
+ accept *:1194
|
|
|
+ accept *:1220
|
|
|
+ accept *:1293
|
|
|
+ accept *:1500
|
|
|
+ accept *:1533
|
|
|
+ accept *:1677
|
|
|
+ accept *:1723
|
|
|
+ accept *:1755
|
|
|
+ accept *:1863
|
|
|
+ accept *:2082
|
|
|
+ accept *:2083
|
|
|
+ accept *:2086-2087
|
|
|
+ accept *:2095-2096
|
|
|
+ accept *:2102-2104
|
|
|
+ accept *:3128
|
|
|
+ accept *:3389
|
|
|
+ accept *:3690
|
|
|
+ accept *:4321
|
|
|
+ accept *:4643
|
|
|
+ accept *:5050
|
|
|
+ accept *:5190
|
|
|
+ accept *:5222-5223
|
|
|
+ accept *:5228
|
|
|
+ accept *:5900
|
|
|
+ accept *:6660-6669
|
|
|
+ accept *:6679
|
|
|
+ accept *:6697
|
|
|
+ accept *:8000
|
|
|
+ accept *:8008
|
|
|
+ accept *:8074
|
|
|
+ accept *:8080
|
|
|
+ accept *:8082
|
|
|
+ accept *:8087-8088
|
|
|
+ accept *:8232-8233
|
|
|
+ accept *:8332-8333
|
|
|
+ accept *:8443
|
|
|
+ accept *:8888
|
|
|
+ accept *:9418
|
|
|
+ accept *:9999
|
|
|
+ accept *:10000
|
|
|
+ accept *:11371
|
|
|
+ accept *:19294
|
|
|
+ accept *:19638
|
|
|
+ accept *:50002
|
|
|
+ accept *:64738
|
|
|
+ reject *:* +
|
|
|
+ +
|
|
|
+ (Default: 0)
|
|
|
+
|
|
|
[[IPv6Exit]] **IPv6Exit** **0**|**1**::
|
|
|
If set, and we are an exit node, allow clients to use us for IPv6
|
|
|
traffic. (Default: 0)
|