Add tor

9 files changed, 626 insertions, 0 deletions

diff --git a/tor/README b/tor/README
new file mode 100644
index 0000000..69be208
--- /dev/null
+++ b/tor/README
@@ -0,0 +1,38 @@
+Tor is a toolset for a wide range of organizations and people that want
+to improve their safety and security on the Internet. Using Tor can help
+you anonymize web browsing and publishing, instant messaging, IRC,
+SSH, and other applications that use the TCP protocol. Tor also
+provides a platform on which software developers can build new
+applications with built-in anonymity, safety, and privacy features.
+
+This script requires a 'tor' user/group to exist before running.
+The recommended UID/GID is 220. You can create these like so:
+  groupadd -g 220 tor
+  useradd -u 220 -g 220 -c "The Onion Router" -d /dev/null \
+  -s /bin/false tor
+
+You can pass another user/group to the script; this is however, less
+safe:
+  TOR_USER=nobody TOR_GROUP=nogroup sh tor.SlackBuild
+
+The following can be used to start/stop tor automatically:
+In file /etc/rc.d/rc.local, add following
+  if [ -x /etc/rc.d/rc.tor ]; then
+    /etc/rc.d/rc.tor start
+  fi
+
+In /etc/rc.d/rc.local_shutdown, add following
+  if [ -x /etc/rc.d/rc.tor ]; then
+    /etc/rc.d/rc.tor stop
+  fi
+
+torsocks is an optional dependency. See README.SLACKWARE for more
+information.
+
+optional dependencies:
+- nacl may provide faster performance on 32-bit systems.
+
+Take a look at README.SLACKWARE for important notes and read also very
+carefully the essential hints that tor developers give you
+
+https://www.torproject.org/download/download-easy.html.en#warning
diff --git a/tor/README.SLACKWARE b/tor/README.SLACKWARE
new file mode 100644
index 0000000..70b0f82
--- /dev/null
+++ b/tor/README.SLACKWARE
@@ -0,0 +1,22 @@
+The tor-tsocks.conf is no longer distributed or installed.
+The tor project recommends that tsocks users use torsocks instead.
+As of tor-0.2.1.30-2 and later, rc.tor init script has been updated to get rid
+of hardcoded values present inside torctl command script. To successfully use
+the newer script be sure to check changes to both /etc/rc.d/rc.tor.new and
+/etc/tor/torrc.new as some configurations values are now required and no
+longer passed on the command line. The original TorProject.org torrc
+configuration is always available as /etc/tor/torrc.sample.
+
+Since Tor 0.3.4.1-alpha the directory authority subsystem has been
+modularized and can be disabled by passing --disable-module-dirauth to the
+./configure script. This means that Tor compiled that way cannot run as a
+directory authority or bridge authority.
+
+Starting from Tor 0.4.2.5 this is the default for the tor.SlackBuild.
+
+Also, since Tor 0.4.2.5 contrib/dist/torctl has been removed by upstream.
+Have a look at https://bugs.torproject.org/30550
+
+In case your relay does not start after the upgrade to Tor 0.4.5.6+
+make sure your system is IPv6 ready. Have a look at 
+https://lists.torproject.org/pipermail/tor-relays/2021-February/019299.html
diff --git a/tor/doinst.sh b/tor/doinst.sh
new file mode 100644
index 0000000..06cbc45
--- /dev/null
+++ b/tor/doinst.sh
@@ -0,0 +1,28 @@
+config() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  # If there's no config file by that name, mv it over:
+  if [ ! -r $OLD ]; then
+    mv $NEW $OLD
+  elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+    # toss the redundant copy
+    rm $NEW
+  fi
+  # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+preserve_perms() {
+  NEW="$1"
+  OLD="$(dirname $NEW)/$(basename $NEW .new)"
+  if [ -e $OLD ]; then
+    cp -a $OLD ${NEW}.incoming
+    cat $NEW > ${NEW}.incoming
+    mv ${NEW}.incoming $NEW
+  fi
+  config $NEW
+}
+
+preserve_perms etc/rc.d/rc.tor.new
+config etc/tor/torrc.new
+config etc/logrotate.d/tor.new
+
diff --git a/tor/logrotate.tor b/tor/logrotate.tor
new file mode 100644
index 0000000..0b8f128
--- /dev/null
+++ b/tor/logrotate.tor
@@ -0,0 +1,15 @@
+/var/log/tor/*log {
+  su @USER@ @GROUP@
+  daily
+  rotate 5
+  compress
+  delaycompress
+  missingok
+  notifempty
+  create 0644 tor tor
+  sharedscripts
+  postrotate
+    /etc/rc.d/rc.tor reload > /dev/null
+  endscript
+}
+
diff --git a/tor/rc.tor b/tor/rc.tor
new file mode 100644
index 0000000..53ab0ed
--- /dev/null
+++ b/tor/rc.tor
@@ -0,0 +1,125 @@
+#!/bin/sh
+#
+# tor - The Onion Router
+#
+# Startup/shutdown script for Tor.
+#
+# Written by Marco Bonetti <sid77@slackware.it>, heavily based on
+# contrib/tor.sh, contrib/torctl and Debian init script.
+
+# Check available file descriptors
+if [ -r /proc/sys/fs/file-max ]; then
+  SYSTEM_MAX=`cat /proc/sys/fs/file-max`
+  if [ "$SYSTEM_MAX" -gt "80000" ]; then
+    MAX_FILEDESCRIPTORS=32768
+  elif [ "$SYSTEM_MAX" -gt "40000" ]; then
+    MAX_FILEDESCRIPTORS=16384
+  elif [ "$SYSTEM_MAX" -gt "10000" ]; then
+    MAX_FILEDESCRIPTORS=8192
+  else
+    MAX_FILEDESCRIPTORS=1024
+    cat << EOF
+
+Warning: Your system has very few filedescriptors available in total.
+
+Maybe you should try raising that by adding 'fs.file-max=100000' to your
+/etc/sysctl.conf file.  Feel free to pick any number that you deem appropriate.
+Then run 'sysctl -p'.  See /proc/sys/fs/file-max for the current value, and
+file-nr in the same directory for how many of those are used at the moment.
+
+EOF
+  fi
+else
+  MAX_FILEDESCRIPTORS=8192
+fi
+
+tor_start() {
+  mkdir -p /var/run/tor
+  chown tor.tor /var/run/tor
+  if [ -n "$MAX_FILEDESCRIPTORS" ]; then
+    echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"
+    if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
+      echo "..."
+    else
+      echo ": FAILED."
+    fi
+  fi
+  echo "Starting Tor..."
+  /usr/bin/tor
+}
+
+tor_stop() {
+  echo -n "Stopping Tor..."
+  PID=`cat /var/run/tor/tor.pid 2>/dev/null`
+  if [ -z "$PID" ]; then
+    echo " not running."
+    exit 0
+  fi
+  if kill -15 $PID; then
+    echo " stopped."
+  else
+    sleep 1
+    if kill -9 $PID; then
+      echo " killed."
+    else
+      echo " error!"
+      exit 1
+    fi
+  fi
+}
+
+tor_reload() {
+  echo -n "Reloading Tor..."
+  PID=`cat /var/run/tor/tor.pid 2>/dev/null`
+  if [ -z "$PID" ]; then
+    echo " not running."
+    exit 0
+  fi
+  if kill -1 $PID; then
+    echo " reloaded."
+  else
+    echo " error!"
+    exit 1
+  fi
+}
+
+tor_status() {
+  PID=`cat /var/run/tor/tor.pid 2>/dev/null`
+  if [ -z "$PID" ]; then
+    echo "Not running."
+    exit 1
+  elif kill -0 $PID; then
+    echo "Running."
+    exit 0
+  else
+    echo "PID file /var/run/tor/tor.pid present but PID $PID is not running."
+    exit 1
+  fi
+}
+
+case "$1" in
+  start)
+    tor_start
+  ;;
+
+  stop)
+    tor_stop
+  ;;
+
+  restart)
+    tor_stop
+    sleep 3
+    tor_start
+  ;;
+
+  reload)
+    tor_reload
+  ;;
+
+  status)
+    tor_status
+  ;;
+
+  *)
+  echo "Usage: $0 (start|stop|restart|reload|status)"
+esac
diff --git a/tor/slack-desc b/tor/slack-desc
new file mode 100644
index 0000000..caffdc2
--- /dev/null
+++ b/tor/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.
+# Line up the first '|' above the ':' following the base package name, and
+# the '|' on the right side marks the last column you can put a character in.
+# You must make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+   |-----handy-ruler------------------------------------------------------|
+tor: tor (The second-generation onion router)
+tor:
+tor: Tor is a toolset for a wide range of organizations and people that
+tor: want to improve their safety and security on the Internet. Using Tor
+tor: can help you anonymize web browsing and publishing, instant messaging,
+tor: IRC, SSH, and other applications that use the TCP protocol. Tor also
+tor: provides a platform on which software developers can build new
+tor: applications with built-in anonymity, safety, and privacy features.
+tor:
+tor: https://www.torproject.org/
+tor:
diff --git a/tor/tor.SlackBuild b/tor/tor.SlackBuild
new file mode 100644
index 0000000..3a26324
--- /dev/null
+++ b/tor/tor.SlackBuild
@@ -0,0 +1,152 @@
+#!/bin/bash
+#
+# Slackware build script for tor
+#
+# Copyright 2011-2012 Marco Bonetti <sid77@slackware.it>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+# permitted provided that the following conditions are met:
+#
+# 1. Redistributions of this script must retain the above copyright
+#    notice, this list of conditions and the following disclaimer.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# Updated by Donald Cooley dfc@warpmail.net
+# Updated by Fernando Lopez Jr. fernando.lopezjr@gmail.com
+# Updated by Markus Reichelt slackbuilds@mareichelt.de
+
+cd $(dirname $0) ; CWD=$(pwd)
+
+PRGNAM=tor
+VERSION=${VERSION:-0.4.6.9}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+PKGTYPE=${PKGTYPE:-tgz}
+
+# Select tor's default user/group
+TOR_USER=${TOR_USER:-tor}
+TOR_UID=${TOR_UID:-220}
+TOR_GROUP=${TOR_GROUP:-tor}
+TOR_GID=${TOR_GID:-220}
+
+if [ -z "$ARCH" ]; then
+  case "$( uname -m )" in
+    i?86) ARCH=i586 ;;
+    arm*) ARCH=arm ;;
+       *) ARCH=$( uname -m ) ;;
+  esac
+fi
+
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE"
+  exit 0
+fi
+
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i586" ]; then
+  SLKCFLAGS="-O2 -march=i586 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+  SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+  LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+  SLKCFLAGS="-O2 -fPIC"
+  LIBDIRSUFFIX="64"
+else
+  SLKCFLAGS="-O2"
+  LIBDIRSUFFIX=""
+fi
+
+bailout() {
+  echo "  You must have a $TOR_USER user and $TOR_GROUP group to run this script. "
+  echo "  Something like this should suffice for most systems: "
+  echo "    # groupadd -g $TOR_GID $TOR_GROUP "
+  echo "    # useradd -u $TOR_UID -g $TOR_GID -c \"The Onion Router\" -d /dev/null -s /bin/false $TOR_USER "
+  exit 1
+}
+
+# Bail if user and/or group isn't valid on your system
+# uid=220 is suggested to avoid conflicts with other SBo packages,
+# but it's your call: http://slackbuilds.org/uid_gid.txt
+if ! grep -q "^$TOR_USER:" /etc/passwd; then
+  bailout
+elif ! grep -q "^$TOR_GROUP:" /etc/group; then
+  bailout
+fi
+
+set -eu
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find -L . \
+ \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
+  -o -perm 511 \) -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
+  -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+./configure \
+  --disable-module-dirauth \
+  --prefix=/usr \
+  --sysconfdir=/etc \
+  --localstatedir=/var \
+  --mandir=/usr/man \
+  --libdir=/usr/lib${LIBDIRSUFFIX} \
+  --docdir=/usr/doc/$PRGNAM-$VERSION \
+  --with-tor-user=$TOR_USER \
+  --with-tor-group=$TOR_GROUP \
+  --build=$ARCH-slackware-linux
+
+make
+make install-strip DESTDIR=$PKG
+
+# Create/install stuff that makes tor work (better)
+mkdir -p $PKG/var/{run,log,lib}/tor
+chown $TOR_USER:$TOR_GROUP $PKG/var/{run,log,lib}/tor
+chmod 0700 $PKG/var/lib/tor
+install -D -m 0755 $CWD/rc.tor $PKG/etc/rc.d/rc.tor.new
+# this has been removed in tor-0.4.2.5, uncomment if you need this
+# in earlier Tor versions
+#install -D -m 0755 contrib/dist/torctl $PKG/usr/bin/torctl
+install -D -m 0644 $CWD/torrc $PKG/etc/tor/torrc.new
+mkdir -p $PKG/etc/logrotate.d
+sed -e "s,@USER@,$TOR_USER," -e "s,@GROUP@,$TOR_GROUP," $CWD/logrotate.tor \
+  > $PKG/etc/logrotate.d/tor.new
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $(find $PKG/usr/man -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/spec
+cp -a ChangeLog INSTALL LICENSE README ReleaseNotes \
+      $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+cat $CWD/doinst.sh > $PKG/install/doinst.sh
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE
diff --git a/tor/tor.info b/tor/tor.info
new file mode 100644
index 0000000..bda5285
--- /dev/null
+++ b/tor/tor.info
@@ -0,0 +1,10 @@
+PRGNAM="tor"
+VERSION="0.4.6.9"
+HOMEPAGE="https://www.torproject.org/"
+DOWNLOAD="https://dist.torproject.org/tor-0.4.6.9.tar.gz"
+MD5SUM="6a8bb8f6c6f7c6d80a50de8f9f8be8c4"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+REQUIRES=""
+MAINTAINER="Markus Reichelt"
+EMAIL="slackbuilds@mareichelt.de"
diff --git a/tor/torrc b/tor/torrc
new file mode 100644
index 0000000..d1ada46
--- /dev/null
+++ b/tor/torrc
@@ -0,0 +1,217 @@
+## Configuration file for a typical Tor user
+## Last updated 22 September 2015 for Tor 0.2.7.3-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## https://www.torproject.org/docs/faq#torrc
+##
+## This is a custom Slackware torrc. The original Tor Project torrc file is
+## still available as /etc/tor/torrc.sample
+
+## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't
+## configure one below. Set "SOCKSPort 0" if you plan to run Tor only
+## as a relay, and not make any local application connections yourself.
+#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections.
+SOCKSPort 127.0.0.1:9050 # what port to open for local application connections
+#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too.
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SOCKSPolicy is set, we accept
+## all (and only) requests that reach a SOCKSPort. Untrusted users who
+## can access your SOCKSPort may be able to learn about the connections
+## you make.
+#SOCKSPolicy accept 192.168.0.0/16
+#SOCKSPolicy accept6 FC00::/7
+#SOCKSPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to /var/log/tor/tor.log
+Log notice file /var/log/tor/tor.log
+## Send every possible message to /var/log/tor/debug.log
+#Log debug file /var/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+DataDirectory /var/lib/tor
+
+## On startup, setuid to this user and setgid to their primary group.
+User tor
+
+## On startup, write our PID to /var/run/tor/tor.pid.
+## On clean shutdown, remove /var/run/tor/tor.pid.
+PidFile /var/run/tor/tor.pid
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+#ControlPort 9051
+## If you enable the controlport, be sure to enable one of these
+## authentication methods, to prevent attackers from accessing it.
+#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
+#CookieAuthentication 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir /var/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir /var/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## Required: what port to advertise for incoming Tor connections.
+#ORPort 9001
+## If you want to listen on a port other than the one advertised in
+## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
+## follows.  You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORPort 443 NoListen
+#ORPort 127.0.0.1:9090 NoAdvertise
+
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+# OutboundBindAddress 10.0.0.5
+
+## A handle for your relay, so people don't have to refer to it by key.
+## Nicknames must be between 1 and 19 characters inclusive, and must
+## contain only the characters [a-zA-Z0-9].
+#Nickname ididnteditheconfig
+
+## Define these to limit how much relayed traffic you will allow. Your
+## own traffic is still unthrottled. Note that RelayBandwidthRate must
+## be at least 75 kilobytes per second.
+## Note that units for these config options are bytes (per second), not
+## bits (per second), and that prefixes are binary prefixes, i.e. 2^10,
+## 2^20, etc.
+#RelayBandwidthRate 100 KBytes  # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb)
+
+## Use these to restrict the maximum traffic per day, week, or month.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "40 GB" may allow up to 80 GB total before
+## hibernating.
+##
+## Set a maximum of 40 gigabytes each way per period.
+#AccountingMax 40 GBytes
+## Each period starts daily at midnight (AccountingMax is per day)
+#AccountingStart day 00:00
+## Each period starts on the 3rd of the month at 15:00 (AccountingMax
+## is per month)
+#AccountingStart month 3 15:00
+
+## Administrative contact information for this relay or bridge. This line
+## can be used to contact you if your relay or bridge is misconfigured or
+## something else goes wrong. Note that we archive and publish all
+## descriptors containing these lines and that Google indexes them, so
+## spammers might also collect them. You may want to obscure the fact that
+## it's an email address and/or generate a new address for this purpose.
+#ContactInfo Random Person <nobody AT example dot com>
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you want to listen on a port other than the one advertised in
+## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
+## follows.  below too. You'll need to do ipchains or other port
+## forwarding yourself to make this work.
+#DirPort 80 NoListen
+#DirPort 127.0.0.1:9091 NoAdvertise
+## Uncomment to return an arbitrary blob of html on your DirPort. Now you
+## can explain what Tor is if anybody wonders why your IP address is
+## contacting them. See contrib/tor-exit-notice.html in Tor's source
+## distribution for a sample.
+#DirPortFrontPage /etc/tor/tor-exit-notice.html
+
+## Uncomment this if you run more than one Tor relay, and add the identity
+## key fingerprint of each Tor relay you control, even if they're on
+## different networks. You declare it here so Tor clients can avoid
+## using more than one of your relays in a single circuit. See
+## https://www.torproject.org/docs/faq#MultipleRelays
+## However, you should never include a bridge's fingerprint here, as it would
+## break its concealability and potentially reveal its IP/TCP address.
+#MyFamily $keyid,$keyid,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins.
+##
+## If you want to allow the same ports on IPv4 and IPv6, write your rules
+## using accept/reject *. If you want to allow different ports on IPv4 and
+## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules
+## using accept/reject *4.
+##
+## If you want to _replace_ the default exit policy, end this with either a
+## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to)
+## the default exit policy. Leave commented to just use the default, which is
+## described in the man page or at
+## https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to the configured primary public IPv4 and IPv6 addresses,
+## and any public IPv4 and IPv6 addresses on any interface on the relay.
+## See the man page entry for ExitPolicyRejectPrivate if you want to allow
+## "exit enclaving".
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more
+#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy
+#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy
+#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+
+## Bridge relays (or "bridges") are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
+## won't be able to block all the bridges. Also, websites won't treat you
+## differently because they won't know you're running Tor. If you can
+## be a real relay, please do; but if not, be a bridge!
+#BridgeRelay 1
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0
+