diff --git a/changes/bug2060 b/changes/bug2060
new file mode 100644
index 0000000000..eb95aedb26
--- /dev/null
+++ b/changes/bug2060
@@ -0,0 +1,4 @@
+  o Minor features
+    - Make sure to disable DirPort if running as a bridge.  DirPorts aren't
+      used on bridges, and it makes bridge scanning way too easy.
+
diff --git a/src/or/config.c b/src/or/config.c
index 280acc0ca5..7fea8500b2 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -3281,6 +3281,12 @@ options_validate(or_options_t *old_options, or_options_t *options,
            "PublishServerDescriptor line.");
   }
 
+  if (options->BridgeRelay && options->DirPort) {
+    log_warn(LD_CONFIG, "Can't set a DirPort on a bridge relay; disabling "
+             "DirPort");
+    options->DirPort = 0;
+  }
+
   if (options->MinUptimeHidServDirectoryV2 < 0) {
     log_warn(LD_CONFIG, "MinUptimeHidServDirectoryV2 option must be at "
                         "least 0 seconds. Changing to 0.");