tornull.org - A Safer Tor Reduced Exit Policy

tornulst2rbxvbpd.onion - This website is NOT affiliated with the The Tor Project, Inc..

Tor Reduced-Reduced Exit Policy

[Notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning


Herewith, an example of our Tor Exit Nodes Reduced Exit Policy. The exit policy has been amended following our own research and experience of responding to 'abuse' complaints. The premise is simple - any allowed ports usefulness should outweigh the potential for misuse, for the majority of Tor users.

If a single port is unavailable for a requested service, then Tor users (or the Tor software itself) can freely select a new exit node which would allow said requested port or service. It is good for users privacy and anonymity for the Tor network to have a wide and diverse selection of available exit nodes.


References (clearnet links!) :

  • - https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
  • - https://blog.torproject.org/running-exit-node
  • - http://map.norsecorp.com (source referenced)
  • - https://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers (source referenced)

  • ---- Example Reduced-Reduced Exit Policy - LIST START ----

  • ExitRelay 1

  • ## Insert the TorNull Advisory BL here (optional) and check for updates at least once per month.

  • ExitPolicy accept *:20-21 # FTP
  • #ExitPolicy accept *:22 # SSH (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:23 # Telnet (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:43 # WHOIS
  • ExitPolicy accept *:53 # DNS
  • ExitPolicy accept *:79 # finger
  • ExitPolicy accept *:80-81 # HTTP, HTTP alt.
  • ExitPolicy accept *:88 # kerberos
  • ExitPolicy accept *:110 # POP3
  • ExitPolicy accept *:143 # IMAP
  • #ExitPolicy accept *:194 # IRC (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:220 # IMAP3
  • ExitPolicy accept *:389 # LDAP
  • ExitPolicy accept *:443 # HTTPS
  • ExitPolicy accept *:464 # kpasswd
  • #ExitPolicy accept *:465 # URD for SSM (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:531 # IRC/AIM
  • ExitPolicy accept *:543-544 # Kerberos
  • ExitPolicy accept *:554 # RTSP
  • #ExitPolicy accept *:563 # NNTP over SSL (AVOID - https://www.torproject.org/docs/faq#DefaultExitPorts)
  • #ExitPolicy accept *:587 # SMTP (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:636 # LDAP
  • ExitPolicy accept *:706 # SILC
  • ExitPolicy accept *:749 # kerberos
  • ExitPolicy accept *:873 # rsync
  • ExitPolicy accept *:902-904 # VMware
  • ExitPolicy accept *:981 # Remote HTTPS management for firewall
  • ExitPolicy accept *:989-990 # FTP over TLS/SSL
  • ExitPolicy accept *:991 # Netnews Administration System
  • ExitPolicy accept *:992 # Telnet protocol over TLS/SSL
  • ExitPolicy accept *:993 # IMAP over SSL (N.B. potential abuse - mail-server / brute-force attacks - tornull.org)
  • #ExitPolicy accept *:994 # IRCS (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:995 # POP3 over SSL
  • ExitPolicy accept *:1194 # OpenVPN
  • ExitPolicy accept *:1220 # QT Server Admin
  • ExitPolicy accept *:1293 # PKT-KRB-IPSec
  • ExitPolicy accept *:1500 # VLSI License Manager
  • ExitPolicy accept *:1533 # Sametime
  • ExitPolicy accept *:1677 # GroupWise
  • ExitPolicy accept *:1723 # PPTP
  • ExitPolicy accept *:1755 # RTSP
  • ExitPolicy accept *:1863 # MSNP
  • ExitPolicy accept *:2082 # Infowave Mobility Server and CPanel default
  • ExitPolicy accept *:2083 # Secure Radius Service (radsec) and CPanel default SSL
  • ExitPolicy accept *:2086-2087 # GNUnet, ELI
  • ExitPolicy accept *:2095-2096 # NBX
  • ExitPolicy accept *:2102-2104 # Zephyr
  • #ExitPolicy accept *:3128 # SQUID (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:3389 # MS WBT (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:3690 # SVN
  • ExitPolicy accept *:4321 # RWHOIS
  • ExitPolicy accept *:4643 # Virtuozzo
  • ExitPolicy accept *:5050 # MMCC
  • ExitPolicy accept *:5190 # ICQ and AOL Instant Messenger
  • ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
  • ExitPolicy accept *:5228 # Android Market
  • #ExitPolicy accept *:5900 # VNC (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:6660-6669 # IRC (REJECT to AVOID Tor DNSBL)
  • #ExitPolicy accept *:6679 # IRC SSL (REJECT to AVOID Tor DNSBL)
  • #ExitPolicy accept *:6697 # IRC SSL (REJECT to AVOID Tor DNSBL)
  • #ExitPolicy accept *:8000 # iRDMI (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:8008 # HTTP alternate
  • ExitPolicy accept *:8074 # Gadu-Gadu
  • #ExitPolicy accept *:8080 # HTTP Proxies (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
  • ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP - Control Panel
  • ExitPolicy accept *:8232-8233 # Zcash
  • ExitPolicy accept *:8332-8333 # Bitcoin
  • ExitPolicy accept *:8443 # PCsync HTTPS - Plesk Control Panel, Apache Tomcat SSL
  • ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE, HUSH coin
  • ExitPolicy accept *:9418 # git - Git pack transfer service
  • #ExitPolicy accept *:9999 # distinct (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:10000 # Network Data Management Protocol (N.B. potential abuse - RDP - tornull.org)
  • ExitPolicy accept *:11371 # OpenPGP hkp
  • ExitPolicy accept *:19294 # Google Voice
  • ExitPolicy accept *:19638 # Ensim control panel
  • ExitPolicy accept *:50002 # Electrum Bitcoin SSL
  • ExitPolicy accept *:64738 # Mumble - voice over IP

  • ExitPolicy reject *:*
  • ---- Example Reduced-Reduced Exit Policy - LIST END ----


    It should be noted that to avoid Tor DNSBL an exit nodes ORPort and/or DirPort must not use the 'default' ports 9001 or 9030. If your computer isn't running a webserver, and you haven't set AccountingMax, please consider changing your ORPort to 443 and/or your DirPort to 80.

    - "Every IP which is known to run a tor server and allow their clients to connect to one of the following ports get listed: 25, 194, 465, 587, 994, 6657, 6660-6670, 6697, 7000-7005, 7070, 8000-8004, 9000, 9001, 9998, 9999" - http://mxtoolbox.com/problem/blacklist/sectoor (source referenced)


    An IoT (Internet of Things) Tor Exit Policy ...

    tornull.org has conducted independent research in regards to actively used Tor ports and services in the 1-10000 port range. Whilst it appears true that the majority of ports in this range will see varying levels of P2P traffic (not all bad!) above the ports official or assigned use case - the following ports have been added to our own Tor Exit nodes;

  • ExitPolicy accept *:81 # HTTP Alt
  • ExitPolicy accept *:83 # MIT ML Device
  • ExitPolicy accept *:85 # MIT ML Device
  • ExitPolicy accept *:86 # BroadCam Video Streaming Server
  • ExitPolicy accept *:90 # dnsix Securit Attribute Token Map / Pointcast
  • ExitPolicy accept *:1043 # BOINC Client Control
  • ExitPolicy accept *:1103 # Adobe Server 2
  • ExitPolicy accept *:1113 # Licklider Transmission Protocol (IANA official) [RFC 5326]
  • ExitPolicy accept *:1883 # Message Queuing Telemetry (IANA official)
  • ExitPolicy accept *:4070 # Trivial IP Encryption (TrIPE)
  • ExitPolicy accept *:5004 # RTP media data [RFC 3551, RFC 4571]
  • ExitPolicy accept *:5287 # IP Camera viewer apps
  • ExitPolicy accept *:5675 # V5UA application port (IANA official) [RFC 3807]
  • ExitPolicy accept *:6880 # Dwyco Video Conferencing
  • ExitPolicy accept *:8502 # FTN Message Transfer Protocol (IANA official)
  • ExitPolicy accept *:8601 # Wavestore CCTV protocol
  • ExitPolicy accept *:8602 # XBConnect, Wavestore Notification protocol
  • ExitPolicy accept *:8883 # Secure MQTT (MQTT over TLS)
  • We are confident that the majority of these port additions should see legitimate Tor use over simply generating additional abuse issues and/or complaints.


    ---- Our Example IoT Exit Policy - LIST START ----

  • ExitRelay 1

  • ## Insert the TorNull Advisory BL here (optional) and check for updates at least once per month.

  • ExitPolicy accept *:20-21 # FTP
  • #ExitPolicy accept *:22 # SSH (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:23 # Telnet (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:43 # WHOIS
  • ExitPolicy accept *:53 # DNS
  • ExitPolicy accept *:79 # finger
  • ExitPolicy accept *:80-81 # HTTP, HTTP alt.
  • ExitPolicy accept *:83 # MIT ML Device
  • ExitPolicy accept *:85 # MIT ML Device
  • ExitPolicy accept *:86 # BroadCam Video Streaming Server
  • ExitPolicy accept *:88 # kerberos
  • ExitPolicy accept *:90 # dnsix Securit Attribute Token Map / Pointcast
  • ExitPolicy accept *:110 # POP3
  • ExitPolicy accept *:143 # IMAP
  • #ExitPolicy accept *:194 # IRC (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:220 # IMAP3
  • ExitPolicy accept *:389 # LDAP
  • ExitPolicy accept *:443 # HTTPS
  • ExitPolicy accept *:464 # kpasswd
  • #ExitPolicy accept *:465 # URD for SSM (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:531 # IRC/AIM
  • ExitPolicy accept *:543-544 # Kerberos
  • ExitPolicy accept *:554 # RTSP
  • #ExitPolicy accept *:563 # NNTP over SSL (AVOID - https://www.torproject.org/docs/faq#DefaultExitPorts)
  • #ExitPolicy accept *:587 # SMTP (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:636 # LDAP
  • ExitPolicy accept *:706 # SILC
  • ExitPolicy accept *:749 # kerberos
  • ExitPolicy accept *:873 # rsync
  • ExitPolicy accept *:902-904 # VMware
  • ExitPolicy accept *:981 # Remote HTTPS management for firewall
  • ExitPolicy accept *:989-990 # FTP over TLS/SSL
  • ExitPolicy accept *:991 # Netnews Administration System
  • ExitPolicy accept *:992 # Telnet protocol over TLS/SSL
  • ExitPolicy accept *:993 # IMAP over SSL (N.B. potential abuse - mail-server / brute-force attacks - tornull.org)
  • #ExitPolicy accept *:994 # IRCS (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:995 # POP3 over SSL
  • ExitPolicy accept *:1043 # BOINC Client Control
  • ExitPolicy accept *:1103 # Adobe Server 2
  • ExitPolicy accept *:1113 # Licklider Transmission Protocol (IANA official) [RFC 5326]
  • ExitPolicy accept *:1194 # OpenVPN
  • ExitPolicy accept *:1220 # QT Server Admin
  • ExitPolicy accept *:1293 # PKT-KRB-IPSec
  • ExitPolicy accept *:1500 # VLSI License Manager
  • ExitPolicy accept *:1533 # Sametime
  • ExitPolicy accept *:1677 # GroupWise
  • ExitPolicy accept *:1723 # PPTP
  • ExitPolicy accept *:1755 # RTSP
  • ExitPolicy accept *:1863 # MSNP
  • ExitPolicy accept *:1883 # Message Queuing Telemetry (IANA official)
  • ExitPolicy accept *:2082 # Infowave Mobility Server and CPanel default
  • ExitPolicy accept *:2083 # Secure Radius Service (radsec) and CPanel default SSL
  • ExitPolicy accept *:2086-2087 # GNUnet, ELI
  • ExitPolicy accept *:2095-2096 # NBX
  • ExitPolicy accept *:2102-2104 # Zephyr
  • #ExitPolicy accept *:3128 # SQUID (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:3389 # MS WBT (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:3690 # SVN
  • ExitPolicy accept *:4321 # RWHOIS
  • ExitPolicy accept *:4643 # Virtuozzo
  • ExitPolicy accept *:4070 # Trivial IP Encryption (TrIPE)
  • ExitPolicy accept *:5004 # RTP media data [RFC 3551, RFC 4571]
  • ExitPolicy accept *:5050 # MMCC
  • ExitPolicy accept *:5190 # ICQ and AOL Instant Messenger
  • ExitPolicy accept *:5222-5223 # XMPP, XMPP over SSL
  • ExitPolicy accept *:5228 # Android Market
  • ExitPolicy accept *:5287 # IP Camera viewer apps
  • ExitPolicy accept *:5675 # V5UA application port (IANA official) [RFC 3807]
  • #ExitPolicy accept *:5900 # VNC (potential ABUSE - common port scan attacks map.norsecorp.com)
  • #ExitPolicy accept *:6660-6669 # IRC (REJECT to AVOID Tor DNSBL)
  • #ExitPolicy accept *:6679 # IRC SSL (REJECT to AVOID Tor DNSBL)
  • #ExitPolicy accept *:6697 # IRC SSL (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:6880 # Dwyco Video Conferencing
  • #ExitPolicy accept *:8000 # iRDMI (REJECT to AVOID Tor DNSBL)
  • ExitPolicy accept *:8008 # HTTP alternate
  • ExitPolicy accept *:8074 # Gadu-Gadu
  • #ExitPolicy accept *:8080 # HTTP Proxies (potential ABUSE - common port scan attacks map.norsecorp.com)
  • ExitPolicy accept *:8082 # HTTPS Electrum Bitcoin port
  • ExitPolicy accept *:8087-8088 # Simplify Media SPP Protocol, Radan HTTP - Control Panel
  • ExitPolicy accept *:8232-8233 # Zcash
  • ExitPolicy accept *:8332-8333 # Bitcoin
  • ExitPolicy accept *:8443 # PCsync HTTPS - Plesk Control Panel, Apache Tomcat SSL
  • ExitPolicy accept *:8502 # FTN Message Transfer Protocol (IANA official)
  • ExitPolicy accept *:8601 # Wavestore CCTV protocol
  • ExitPolicy accept *:8602 # XBConnect, Wavestore Notification protocol
  • ExitPolicy accept *:8883 # Secure MQTT (MQTT over TLS)
  • ExitPolicy accept *:8888 # HTTP Proxies, NewsEDGE, HUSH coin
  • ExitPolicy accept *:9418 # git - Git pack transfer service
  • #ExitPolicy accept *:9999 # distinct (REJECT to AVOID Tor DNSBL)
  • ##ExitPolicy accept *:10000 # Network Data Management Protocol (N.B. potential abuse - RDP - tornull.org)
  • ExitPolicy accept *:11371 # OpenPGP hkp
  • ExitPolicy accept *:19294 # Google Voice
  • ExitPolicy accept *:19638 # Ensim control panel
  • ExitPolicy accept *:50002 # Electrum Bitcoin SSL
  • ExitPolicy accept *:64738 # Mumble - voice over IP

  • ExitPolicy reject *:*
  • ---- Our Example IoT Exit Policy - LIST END ----


    ## Donate Bitcoin :

    ## Donate Zcash : taddress :

    ## Donate Zcash : zaddress :


    tornull.org - Example Reduced-Reduced Exit Policy is provided 'as-is'

    Some rights reserved - We disclaim all copyright interest

    tornull.org - is an Independent Research Project.

    We are NOT affiliated with the The Tor Project, Inc..

    Reproduction of content is permitted under a Creative Commons Attribution 3.0 United States License.

    "Tor” and the "Onion Logo” are registered trademarks of The Tor Project, Inc.


    [Notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning