tor-webwml.git

@@ -757,36 +757,39 @@ Great. That's exactly why we implemented exit policies.

 </p>

 <p>

-Each Tor relay has an exit policy that specifies what sort of outbound

-connections are allowed or refused from that relay. The exit policies are

-propagated to the client via the directory, so clients will automatically

-avoid picking exit relays that would refuse to exit to their intended

-destination. This way each relay can decide the services, hosts, and

-networks he wants to allow connections to, based on abuse potential and

-his own situation.

-</p>

-

-<p>

-By default, your relay allows access to many popular

-services, but restricts some (such as port 25, see all <a

-href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DefaultPorts">default

-restricted ports</a>)  due to abuse potential. You can edit your torrc

-to make your exit policy more or less restrictive. If you want to avoid

-most if not all abuse potential, set it to "reject *:*". This setting

-forces a "non-exit" operation. Nobody exits through your  node, only

-direct connections to other nodes will be established.

-</p>

-

-<p>

-One good way to minimize abuse complaints in general

-for exit nodes is to set the reverse DNS of your Tor

-exit IP to be something like 'tor-exit.yourhost.org'

-or 'tor-readme.yourhost.org'. You can then  place <a

-href="https://tor-svn.freehaven.net/svn/tor/trunk/contrib/tor-exit-notice.html">this

-exit notice</a> html page (<a href="http://tor-exit.fscked.org">live

-version</a>) on a  vhost for that hostname to try to educate people

-before they run off and  harass you or your ISP. This actually does cut

-down on abuse complaints quite a bit, believe it or not.

+Each Tor relay has an exit policy that specifies what sort of

+outbound connections are allowed or refused from that relay. The exit

+policies are propagated to the client via the directory, so clients

+will automatically avoid picking exit relays that would refuse to

+exit to their intended destination. This way each relay can decide

+the services, hosts, and networks he wants to allow connections to,

+based on abuse potential and his own situation. Read the FAQ entry on

+<a href="<page faq-abuse>#TypicalAbuses">issues you might encounter

+if you use the default exit policy</a>, and then read Mike Perry's <a

+href="https://blog.torproject.org/blog/tips-running-exit-node-minimal-harassment">tips

+for running an exit node with minimal harassment</a>.

+</p>

+

+<p>

+The default exit policy allows access to

+many popular services (e.g. web browsing), but <a

+href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#DefaultPorts">restricts</a>

+some due to abuse potential (e.g. mail) and some since

+the Tor network can't handle the load (e.g. default

+file-sharing ports). You can change your exit policy

+using Vidalia's "Sharing" tab, or by manually editing your <a

+href="https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc">torrc</a>

+file. If you want to avoid most if not all abuse potential, set it to

+"reject *:*". This setting means that your relay will be used for

+relaying traffic inside the Tor network, but not for connections to

+external websites or other services.

+</p>

+

+<p>

+If there are any resources that your computer can't reach (for example,

+you are behind a restrictive firewall or content filter), please

+explicitly reject them in your exit policy — otherwise Tor users

+will be impacted too.

 </p>

 <hr />