Hello Tom and Konstantinos,

>>>>> On Mar 30, 2012 14:18:35, "Jef Heri" <jefheri1 at yahoo.com> wrote:
>>>>>
>>>>> Hello list,
>>>>>
>>>>> [snip]
>>>>>
>>>>> Is it correct that an exit enclave will act as a
>>>>> 'normal' exit node, as well as the exit enclave for its IP
>>>>> address (https://trac.torproject.org/projects/tor/ticket/800)?
>>>>> If so, is it possible to block exit to any IP other than the
>>>>> node's own IP via torrc file? If not, maybe I could only
>>>>> allow exits to white-list IPs, such as Tor Project web site
>>>>> IP, EFF IP, and etc?
>>>>>
>>>>> [snip]
>>>>>
>>>>> Thanks!

>>>> On Mar 30, 2012 14:43:09, "Tom Ritter" <tom at ritter.vg> wrote:
>>>>
>>>> It's my understanding that if you put the following Exit Policy in your
>>>> torrc:
>>>>
>>>> ExitPolicyRejectPrivate 0
>>>> ExitPolicy accept 97.107.139.108
>>>> ExitPolicy reject *:*
>>>>
>>>> Where 97.107.139.108 is your IP address (that one's mine), you will
>>>> Exit Enclave to your site, not allow any other exit traffic, you will
>>>> be a normal tor relay (meaning you should check your bandwidth
>>>> limits/accounting), and you will become the preferred path for Tor
>>>> traffic to your site.
>>>> [snip]

>>> On 30 March 2012 14:50:49, Konstantinos Asimakis <inshame at gmail.com>
>>> wrote:
>>>
>>> Wouldn't it be safer to accept connections only on port 80? Else he
>>> would be exposing the whole machine.

>> On 30 March 2012 14:43:09, "Tom Ritter" <tom at ritter.vg> wrote:
>>
>> Hm. I don't know. If you have a local firewall that blocks access to
>> say, samba, from external addresses, but allows it locally - would tor
>> allow you to access the port, because it appears that the connection
>> is coming locally?
>>
>> If you're already exposing port 22 on the internet, I would argue
>> allowing it through tor exit enclaving isn't increasing your risk any.
>> But if tor lets you bypass the firewall - then there's a concern.
>>
>> -tom

> On Mar 30, 2012 15:02:04, Konstantinos Asimakis <inshame at gmail.com> wrote:
>
> I bet it will bypass the firewall but until someone else answers play it
> safe and allow only the ports you need. ;-)

Thank you both for the interesting back and forth. I think I tend to
side with Konstantinos, and since my site will only offer SSL (not
http), I guess I should set up to only accept connections from 443,
correct?

Thank you both.

_______________________________________________
tor-relays mailing list
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
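
Added example, not part of the original thread or of Tor's code: a small evaluator that compares which ports the quoted policy exposes on the relay's own address against a port-restricted variant. It assumes Tor's documented ExitPolicy syntax (first matching rule wins, an omitted port means all ports); the `:443` policy and the candidate port list are constructed for illustration.

```python
import ipaddress

# Policy quoted in the thread (ExitPolicyRejectPrivate is a separate option, omitted here).
THREAD_POLICY = [
    "ExitPolicy accept 97.107.139.108",
    "ExitPolicy reject *:*",
]
# Constructed variant for comparison: same address, HTTPS port only.
PORT_443_POLICY = [
    "ExitPolicy accept 97.107.139.108:443",
    "ExitPolicy reject *:*",
]

def parse_rule(line):
    """Parse 'ExitPolicy accept|reject ADDR[/MASK][:PORT]' (IPv4 only in this sketch)."""
    _, action, pattern = line.split()
    addr, _, port = pattern.partition(":")
    net = None if addr == "*" else ipaddress.ip_network(addr, strict=False)
    if port in ("", "*"):            # omitted port means every port
        ports = range(1, 65536)
    elif "-" in port:                # port range, e.g. 6660-6669
        lo, hi = port.split("-")
        ports = range(int(lo), int(hi) + 1)
    else:
        ports = range(int(port), int(port) + 1)
    return action, net, ports

def exit_allowed(policy, ip, port):
    """Return True if the first rule matching (ip, port) is an accept rule."""
    target = ipaddress.ip_address(ip)
    for line in policy:
        action, net, ports = parse_rule(line)
        if (net is None or target in net) and port in ports:
            return action == "accept"
    return False  # assumption of this sketch: no matching rule means reject

def accepted_ports(policy, ip, candidates=(22, 80, 139, 443, 445)):
    """List which of the candidate ports the policy lets exit traffic reach on ip."""
    return [p for p in candidates if exit_allowed(policy, ip, p)]

if __name__ == "__main__":
    for name, policy in (("thread", THREAD_POLICY), ("443 only", PORT_443_POLICY)):
        print(name, accepted_ports(policy, "97.107.139.108"))
```
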
