We don’t have a policy on tor exit nodes directly, but we do shut off apps that do things like “try to connect to port 22 on thousands of IPs”. Or “port scan the internet”.
The IPv4 addresses your VMs connect out with are shared between customers, so we’re pretty sensitive about abusive traffic from those IPs.
Which means, a tor exit node might be risky if you’re allowing random people to make network connections through it. Less risky if you lock it down to port 80/443. Even less risky if you watch for abusive traffic.
The public IPv6 address is available as the
FLY_PUBLIC_IP environment variable. We have experimental support for opening TCP ports on that address, you can add a config like:
allowed_public_ports =