[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-commits] [tor/master] Update sample torrc file for 0.2.3.x
commit 9bcf315e9bdb063a09cdb824803dac1bd607a217
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Wed Feb 8 04:40:26 2012 -0500
Update sample torrc file for 0.2.3.x
Fix broken URLs.
Tell readers about the OutboundBindAddress, ExitPolicyRejectPrivate,
and PublishServerDescriptor options.
---
changes/bug4652 | 5 ++++
src/config/torrc.sample.in | 50 ++++++++++++++++++++++++++++---------------
2 files changed, 37 insertions(+), 18 deletions(-)
diff --git a/changes/bug4652 b/changes/bug4652
new file mode 100644
index 0000000..3df9f66
--- /dev/null
+++ b/changes/bug4652
@@ -0,0 +1,5 @@
+ o Minor features:
+ - Fix broken URLs in the sample torrc file, and tell readers about
+ the OutboundBindAddress, ExitPolicyRejectPrivate, and
+ PublishServerDescriptor options. Addresses bug 4652.
+
diff --git a/src/config/torrc.sample.in b/src/config/torrc.sample.in
index f0c78ce..1ea5d9f 100644
--- a/src/config/torrc.sample.in
+++ b/src/config/torrc.sample.in
@@ -1,16 +1,16 @@
## Configuration file for a typical Tor user
-## Last updated 16 July 2009 for Tor 0.2.2.1-alpha.
-## (May or may not work for much older or much newer versions of Tor.)
+## Last updated 8 February 2012 for Tor 0.2.3.12-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
##
## Lines that begin with "## " try to explain what's going on. Lines
## that begin with just "#" are disabled commands: you can enable them
## by removing the "#" symbol.
##
-## See 'man tor', or https://www.torproject.org/tor-manual.html,
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
## for more options you can use in this file.
##
## Tor will look for this file in various places based on your platform:
-## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc
+## https://www.torproject.org/docs/faq#torrc
## Replace this with "SocksPort 0" if you plan to run Tor only as a
@@ -21,7 +21,9 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## Entry policies to allow/deny SOCKS requests based on IP address.
## First entry that matches wins. If no SocksPolicy is set, we accept
-## all (and only) requests from SocksListenAddress.
+## all (and only) requests from SocksListenAddress. Untrusted users who
+## can access your SocksPort may be able to learn about the connections
+## you make.
#SocksPolicy accept 192.168.0.0/16
#SocksPolicy reject *
@@ -86,13 +88,17 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## yourself to make this work.
#ORListenAddress 0.0.0.0:9090
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+# OutboundBindAddress 10.0.0.5
+
## A handle for your relay, so people don't have to refer to it by key.
#Nickname ididnteditheconfig
-## The IP address or full DNS name for your relay. Leave commented out
-## and Tor will guess.
-#Address noname.example.com
-
## Define these to limit how much relayed traffic you will allow. Your
## own traffic is still unthrottled. Note that RelayBandwidthRate must
## be at least 20 KB.
@@ -100,9 +106,9 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
#RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
## Use these to restrict the maximum traffic per day, week, or month.
-## Note that this threshold applies to sent _and_ to received bytes,
-## not to their sum: Setting "4 GB" may allow up to 8 GB
-## total before hibernating.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "4 GB" may allow up to 8 GB total before
+## hibernating.
##
## Set a maximum of 4 gigabytes each way per period.
#AccountingMax 4 GB
@@ -117,7 +123,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## indexes this, so spammers might also collect it.
#ContactInfo Random Person <nobody AT example dot com>
## You might also include your PGP or GPG fingerprint if you have one:
-#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
+#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
## Uncomment this to mirror directory information for others. Please do
## if you have enough bandwidth.
@@ -137,7 +143,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## key fingerprint of each Tor relay you control, even if they're on
## different networks. You declare it here so Tor clients can avoid
## using more than one of your relays in a single circuit. See
-## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
+## https://www.torproject.org/docs/faq#MultipleRelays
#MyFamily $keyid,$keyid,...
## A comma-separated list of exit policies. They're considered first
@@ -155,16 +161,24 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
## you should update your exit policy to reflect this -- otherwise Tor
## users will be told that those destinations are down.
##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to your public IP address. See the man page entry
+## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
+##
#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
#ExitPolicy accept *:119 # accept nntp as well as default exit policy
#ExitPolicy reject *:* # no exits allowed
-#
+
## Bridge relays (or "bridges") are Tor relays that aren't listed in the
-## main directory. Since there is no complete public list of them, even if an
-## ISP is filtering connections to all the known Tor relays, they probably
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
## won't be able to block all the bridges. Also, websites won't treat you
## differently because they won't know you're running Tor. If you can
## be a real relay, please do; but if not, be a bridge!
#BridgeRelay 1
-#ExitPolicy reject *:*
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0
_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits