-rw-r--r-- | tor/README | 38 | ||||
-rw-r--r-- | tor/README.SLACKWARE | 22 | ||||
-rw-r--r-- | tor/doinst.sh | 28 | ||||
-rw-r--r-- | tor/logrotate.tor | 15 | ||||
-rw-r--r-- | tor/rc.tor | 125 | ||||
-rw-r--r-- | tor/slack-desc | 19 | ||||
-rw-r--r-- | tor/tor.SlackBuild | 152 | ||||
-rw-r--r-- | tor/tor.info | 10 | ||||
-rw-r--r-- | tor/torrc | 217 |
9 files changed, 0 insertions, 626 deletions
diff --git a/tor/README b/tor/README
deleted file mode 100644
index 69be208..0000000
--- a/tor/README
+++ /dev/null
@@ -1,38 +0,0 @@
-Tor is a toolset for a wide range of organizations and people that want
-to improve their safety and security on the Internet. Using Tor can help
-you anonymize web browsing and publishing, instant messaging, IRC,
-SSH, and other applications that use the TCP protocol. Tor also
-provides a platform on which software developers can build new
-applications with built-in anonymity, safety, and privacy features.
-
-This script requires a 'tor' user/group to exist before running.
-The recommended UID/GID is 220. You can create these like so:
- groupadd -g 220 tor
- useradd -u 220 -g 220 -c "The Onion Router" -d /dev/null \
- -s /bin/false tor
-
-You can pass another user/group to the script; this is however, less
-safe:
- TOR_USER=nobody TOR_GROUP=nogroup sh tor.SlackBuild
-
-The following can be used to start/stop tor automatically:
-In file /etc/rc.d/rc.local, add following
- if [ -x /etc/rc.d/rc.tor ]; then
- /etc/rc.d/rc.tor start
- fi
-
-In /etc/rc.d/rc.local_shutdown, add following
- if [ -x /etc/rc.d/rc.tor ]; then
- /etc/rc.d/rc.tor stop
- fi
-
-torsocks is an optional dependency. See README.SLACKWARE for more
-information.
-
-optional dependencies:
-- nacl may provide faster performance on 32-bit systems.
-
-Take a look at README.SLACKWARE for important notes and read also very
-carefully the essential hints that tor developers give you
-
-https://www.torproject.org/download/download-easy.html.en#warning
diff --git a/tor/README.SLACKWARE b/tor/README.SLACKWARE
deleted file mode 100644
index 70b0f82..0000000
--- a/tor/README.SLACKWARE
+++ /dev/null
@@ -1,22 +0,0 @@
-The tor-tsocks.conf is no longer distributed or installed.
-The tor project recommends that tsocks users use torsocks instead.
-As of tor-0.2.1.30-2 and later, rc.tor init script has been updated to get rid
-of hardcoded values present inside torctl command script. To successfully use
-the newer script be sure to check changes to both /etc/rc.d/rc.tor.new and
-/etc/tor/torrc.new as some configurations values are now required and no
-longer passed on the command line. The original TorProject.org torrc
-configuration is always available as /etc/tor/torrc.sample.
-
-Since Tor 0.3.4.1-alpha the directory authority subsystem has been
-modularized and can be disabled by passing --disable-module-dirauth to the
-./configure script. This means that Tor compiled that way cannot run as a
-directory authority or bridge authority.
-
-Starting from Tor 0.4.2.5 this is the default for the tor.SlackBuild.
-
-Also, since Tor 0.4.2.5 contrib/dist/torctl has been removed by upstream.
-Have a look at https://bugs.torproject.org/30550
-
-In case your relay does not start after the upgrade to Tor 0.4.5.6+
-make sure your system is IPv6 ready. Have a look at
-https://lists.torproject.org/pipermail/tor-relays/2021-February/019299.html
diff --git a/tor/doinst.sh b/tor/doinst.sh
deleted file mode 100644
index 06cbc45..0000000
--- a/tor/doinst.sh
+++ /dev/null
@@ -1,28 +0,0 @@
-config() {
- NEW="$1"
- OLD="$(dirname $NEW)/$(basename $NEW .new)"
- # If there's no config file by that name, mv it over:
- if [ ! -r $OLD ]; then
- mv $NEW $OLD
- elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
- # toss the redundant copy
- rm $NEW
- fi
- # Otherwise, we leave the .new copy for the admin to consider...
-}
-
-preserve_perms() {
- NEW="$1"
- OLD="$(dirname $NEW)/$(basename $NEW .new)"
- if [ -e $OLD ]; then
- cp -a $OLD ${NEW}.incoming
- cat $NEW > ${NEW}.incoming
- mv ${NEW}.incoming $NEW
- fi
- config $NEW
-}
-
-preserve_perms etc/rc.d/rc.tor.new
-config etc/tor/torrc.new
-config etc/logrotate.d/tor.new
-
diff --git a/tor/logrotate.tor b/tor/logrotate.tor
deleted file mode 100644
index 0b8f128..0000000
--- a/tor/logrotate.tor
+++ /dev/null
@@ -1,15 +0,0 @@
-/var/log/tor/*log {
- su @USER@ @GROUP@
- daily
- rotate 5
- compress
- delaycompress
- missingok
- notifempty
- create 0644 tor tor
- sharedscripts
- postrotate
- /etc/rc.d/rc.tor reload > /dev/null
- endscript
-}
-
diff --git a/tor/rc.tor b/tor/rc.tor
deleted file mode 100644
index 53ab0ed..0000000
--- a/tor/rc.tor
+++ /dev/null
@@ -1,125 +0,0 @@
-#!/bin/sh
-#
-# tor - The Onion Router
-#
-# Startup/shutdown script for Tor.
-#
-# Written by Marco Bonetti <sid77@slackware.it>, heavily based on
-# contrib/tor.sh, contrib/torctl and Debian init script.
-
-# Check available file descriptors
-if [ -r /proc/sys/fs/file-max ]; then
- SYSTEM_MAX=`cat /proc/sys/fs/file-max`
- if [ "$SYSTEM_MAX" -gt "80000" ]; then
- MAX_FILEDESCRIPTORS=32768
- elif [ "$SYSTEM_MAX" -gt "40000" ]; then
- MAX_FILEDESCRIPTORS=16384
- elif [ "$SYSTEM_MAX" -gt "10000" ]; then
- MAX_FILEDESCRIPTORS=8192
- else
- MAX_FILEDESCRIPTORS=1024
- cat << EOF
-
-Warning: Your system has very few filedescriptors available in total.
-
-Maybe you should try raising that by adding 'fs.file-max=100000' to your
-/etc/sysctl.conf file. Feel free to pick any number that you deem appropriate.
-Then run 'sysctl -p'. See /proc/sys/fs/file-max for the current value, and
-file-nr in the same directory for how many of those are used at the moment.
-
-EOF
- fi
-else
- MAX_FILEDESCRIPTORS=8192
-fi
-
-tor_start() {
- mkdir -p /var/run/tor
- chown tor.tor /var/run/tor
- if [ -n "$MAX_FILEDESCRIPTORS" ]; then
- echo -n "Raising maximum number of filedescriptors (ulimit -n) to $MAX_FILEDESCRIPTORS"
- if ulimit -n "$MAX_FILEDESCRIPTORS" ; then
- echo "..."
- else
- echo ": FAILED."
- fi
- fi
- echo "Starting Tor..."
- /usr/bin/tor
-}
-
-tor_stop() {
- echo -n "Stopping Tor..."
- PID=`cat /var/run/tor/tor.pid 2>/dev/null`
- if [ -z "$PID" ]; then
- echo " not running."
- exit 0
- fi
- if kill -15 $PID; then
- echo " stopped."
- else
- sleep 1
- if kill -9 $PID; then
- echo " killed."
- else
- echo " error!"
- exit 1
- fi
- fi
-}
-
-tor_reload() {
- echo -n "Reloading Tor..."
- PID=`cat /var/run/tor/tor.pid 2>/dev/null`
- if [ -z "$PID" ]; then
- echo " not running."
- exit 0
- fi
- if kill -1 $PID; then
- echo " reloaded."
- else
- echo " error!"
- exit 1
- fi
-}
-
-tor_status() {
- PID=`cat /var/run/tor/tor.pid 2>/dev/null`
- if [ -z "$PID" ]; then
- echo "Not running."
- exit 1
- elif kill -0 $PID; then
- echo "Running."
- exit 0
- else
- echo "PID file /var/run/tor/tor.pid present but PID $PID is not running."
- exit 1
- fi
-}
-
-case "$1" in
- start)
- tor_start
- ;;
-
- stop)
- tor_stop
- ;;
-
- restart)
- tor_stop
- sleep 3
- tor_start
- ;;
-
- reload)
- tor_reload
- ;;
-
- status)
- tor_status
- ;;
-
- *)
- echo "Usage: $0 (start|stop|restart|reload|status)"
-esac
diff --git a/tor/slack-desc b/tor/slack-desc
deleted file mode 100644
index caffdc2..0000000
--- a/tor/slack-desc
+++ /dev/null
@@ -1,19 +0,0 @@
-# HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description.
-# Line up the first '|' above the ':' following the base package name, and
-# the '|' on the right side marks the last column you can put a character in.
-# You must make exactly 11 lines for the formatting to be correct. It's also
-# customary to leave one space after the ':' except on otherwise blank lines.
-
- |-----handy-ruler------------------------------------------------------|
-tor: tor (The second-generation onion router)
-tor:
-tor: Tor is a toolset for a wide range of organizations and people that
-tor: want to improve their safety and security on the Internet. Using Tor
-tor: can help you anonymize web browsing and publishing, instant messaging,
-tor: IRC, SSH, and other applications that use the TCP protocol. Tor also
-tor: provides a platform on which software developers can build new
-tor: applications with built-in anonymity, safety, and privacy features.
-tor:
-tor: https://www.torproject.org/
-tor:
diff --git a/tor/tor.SlackBuild b/tor/tor.SlackBuild
deleted file mode 100644
index 3a26324..0000000
--- a/tor/tor.SlackBuild
+++ /dev/null
@@ -1,152 +0,0 @@ -#!/bin/bash -# -# Slackware build script for tor -# -# Copyright 2011-2012 Marco Bonetti <sid77@slackware.it> -# All rights reserved. -# -# Redistribution and use of this script, with or without modification, is -# permitted provided that the following conditions are met: -# -# 1. Redistributions of this script must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# -# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED -# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF -# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO -# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -# Updated by Donald Cooley dfc@warpmail.net -# Updated by Fernando Lopez Jr. fernando.lopezjr@gmail.com -# Updated by Markus Reichelt slackbuilds@mareichelt.de - -cd $(dirname $0) ; CWD=$(pwd) - -PRGNAM=tor -VERSION=${VERSION:-0.4.6.9} -BUILD=${BUILD:-1} -TAG=${TAG:-_SBo} -PKGTYPE=${PKGTYPE:-tgz} - -# Select tor's default user/group -TOR_USER=${TOR_USER:-tor} -TOR_UID=${TOR_UID:-220} -TOR_GROUP=${TOR_GROUP:-tor} -TOR_GID=${TOR_GID:-220} - -if [ -z "$ARCH" ]; then - case "$( uname -m )" in - i?86) ARCH=i586 ;; - arm*) ARCH=arm ;; - *) ARCH=$( uname -m ) ;; - esac -fi - -# If the variable PRINT_PACKAGE_NAME is set, then this script will report what -# the name of the created package would be, and then exit. This information -# could be useful to other scripts. -if [ ! 
-z "${PRINT_PACKAGE_NAME}" ]; then - echo "$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE" - exit 0 -fi - -TMP=${TMP:-/tmp/SBo} -PKG=$TMP/package-$PRGNAM -OUTPUT=${OUTPUT:-/tmp} - -if [ "$ARCH" = "i586" ]; then - SLKCFLAGS="-O2 -march=i586 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "i686" ]; then - SLKCFLAGS="-O2 -march=i686 -mtune=i686" - LIBDIRSUFFIX="" -elif [ "$ARCH" = "x86_64" ]; then - SLKCFLAGS="-O2 -fPIC" - LIBDIRSUFFIX="64" -else - SLKCFLAGS="-O2" - LIBDIRSUFFIX="" -fi - -bailout() { - echo " You must have a $TOR_USER user and $TOR_GROUP group to run this script. " - echo " Something like this should suffice for most systems: " - echo " # groupadd -g $TOR_GID $TOR_GROUP " - echo " # useradd -u $TOR_UID -g $TOR_GID -c \"The Onion Router\" -d /dev/null -s /bin/false $TOR_USER " - exit 1 -} - -# Bail if user and/or group isn't valid on your system -# uid=220 is suggested to avoid conflicts with other SBo packages, -# but it's your call: http://slackbuilds.org/uid_gid.txt -if ! grep -q "^$TOR_USER:" /etc/passwd; then - bailout -elif ! grep -q "^$TOR_GROUP:" /etc/group; then - bailout -fi - -set -eu - -rm -rf $PKG -mkdir -p $TMP $PKG $OUTPUT -cd $TMP -rm -rf $PRGNAM-$VERSION -tar xvf $CWD/$PRGNAM-$VERSION.tar.gz -cd $PRGNAM-$VERSION -chown -R root:root . -find -L . 
\ - \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ - -o -perm 511 \) -exec chmod 755 {} \; -o \ - \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ - -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; - -CFLAGS="$SLKCFLAGS" \ -./configure \ - --disable-module-dirauth \ - --prefix=/usr \ - --sysconfdir=/etc \ - --localstatedir=/var \ - --mandir=/usr/man \ - --libdir=/usr/lib${LIBDIRSUFFIX} \ - --docdir=/usr/doc/$PRGNAM-$VERSION \ - --with-tor-user=$TOR_USER \ - --with-tor-group=$TOR_GROUP \ - --build=$ARCH-slackware-linux - -make -make install-strip DESTDIR=$PKG - -# Create/install stuff that makes tor work (better) -mkdir -p $PKG/var/{run,log,lib}/tor -chown $TOR_USER:$TOR_GROUP $PKG/var/{run,log,lib}/tor -chmod 0700 $PKG/var/lib/tor -install -D -m 0755 $CWD/rc.tor $PKG/etc/rc.d/rc.tor.new -# this has been removed in tor-0.4.2.5, uncomment if you need this -# in earlier Tor versions -#install -D -m 0755 contrib/dist/torctl $PKG/usr/bin/torctl -install -D -m 0644 $CWD/torrc $PKG/etc/tor/torrc.new -mkdir -p $PKG/etc/logrotate.d -sed -e "s,@USER@,$TOR_USER," -e "s,@GROUP@,$TOR_GROUP," $CWD/logrotate.tor \ - > $PKG/etc/logrotate.d/tor.new - -find $PKG/usr/man -type f -exec gzip -9 {} \; -for i in $(find $PKG/usr/man -type l) ; do ln -s $(readlink $i).gz $i.gz ; rm $i ; done - -mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION/spec -cp -a ChangeLog INSTALL LICENSE README ReleaseNotes \ - $PKG/usr/doc/$PRGNAM-$VERSION -cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild -cat $CWD/README.SLACKWARE > $PKG/usr/doc/$PRGNAM-$VERSION/README.SLACKWARE - -mkdir -p $PKG/install -cat $CWD/slack-desc > $PKG/install/slack-desc -cat $CWD/doinst.sh > $PKG/install/doinst.sh - -cd $PKG -/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.$PKGTYPE diff --git a/tor/tor.info b/tor/tor.info deleted file mode 100644 index bda5285..0000000 --- a/tor/tor.info +++ /dev/null 
@@ -1,10 +0,0 @@
-PRGNAM="tor"
-VERSION="0.4.6.9"
-HOMEPAGE="https://www.torproject.org/"
-DOWNLOAD="https://dist.torproject.org/tor-0.4.6.9.tar.gz"
-MD5SUM="6a8bb8f6c6f7c6d80a50de8f9f8be8c4"
-DOWNLOAD_x86_64=""
-MD5SUM_x86_64=""
-REQUIRES=""
-MAINTAINER="Markus Reichelt"
-EMAIL="slackbuilds@mareichelt.de"
diff --git a/tor/torrc b/tor/torrc
deleted file mode 100644
index d1ada46..0000000
--- a/tor/torrc
+++ /dev/null
@@ -1,217 +0,0 @@ -## Configuration file for a typical Tor user -## Last updated 22 September 2015 for Tor 0.2.7.3-alpha. -## (may or may not work for much older or much newer versions of Tor.) -## -## Lines that begin with "## " try to explain what's going on. Lines -## that begin with just "#" are disabled commands: you can enable them -## by removing the "#" symbol. -## -## See 'man tor', or https://www.torproject.org/docs/tor-manual.html, -## for more options you can use in this file. -## -## Tor will look for this file in various places based on your platform: -## https://www.torproject.org/docs/faq#torrc -## -## This is a custom Slackware torrc. The original Tor Project torrc file is -## still available as /etc/tor/torrc.sample - -## Tor opens a SOCKS proxy on port 9050 by default -- even if you don't -## configure one below. Set "SOCKSPort 0" if you plan to run Tor only -## as a relay, and not make any local application connections yourself. -#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections. -SOCKSPort 127.0.0.1:9050 # what port to open for local application connections -#SOCKSPort 192.168.0.1:9100 # Bind to this address:port too. - -## Entry policies to allow/deny SOCKS requests based on IP address. -## First entry that matches wins. If no SOCKSPolicy is set, we accept -## all (and only) requests that reach a SOCKSPort. Untrusted users who -## can access your SOCKSPort may be able to learn about the connections -## you make. -#SOCKSPolicy accept 192.168.0.0/16 -#SOCKSPolicy accept6 FC00::/7 -#SOCKSPolicy reject * - -## Logs go to stdout at level "notice" unless redirected by something -## else, like one of the below lines. You can have as many Log lines as -## you want. -## -## We advise using "notice" in most cases, since anything more verbose -## may provide sensitive information to an attacker who obtains the logs. 
-## -## Send all messages of level 'notice' or higher to /var/log/tor/tor.log -Log notice file /var/log/tor/tor.log -## Send every possible message to /var/log/tor/debug.log -#Log debug file /var/log/tor/debug.log -## Use the system log instead of Tor's logfiles -#Log notice syslog -## To send all messages to stderr: -#Log debug stderr - -## Uncomment this to start the process in the background... or use -## --runasdaemon 1 on the command line. This is ignored on Windows; -## see the FAQ entry if you want Tor to run as an NT service. -RunAsDaemon 1 - -## The directory for keeping all the keys/etc. By default, we store -## things in $HOME/.tor on Unix, and in Application Data\tor on Windows. -DataDirectory /var/lib/tor - -## On startup, setuid to this user and setgid to their primary group. -User tor - -## On startup, write our PID to /var/run/tor/tor.pid. -## On clean shutdown, remove /var/run/tor/tor.pid. -PidFile /var/run/tor/tor.pid - -## The port on which Tor will listen for local connections from Tor -## controller applications, as documented in control-spec.txt. -#ControlPort 9051 -## If you enable the controlport, be sure to enable one of these -## authentication methods, to prevent attackers from accessing it. -#HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C -#CookieAuthentication 1 - -############### This section is just for location-hidden services ### - -## Once you have configured a hidden service, you can look at the -## contents of the file ".../hidden_service/hostname" for the address -## to tell people. -## -## HiddenServicePort x y:z says to redirect requests on port x to the -## address y:z. 
- -#HiddenServiceDir /var/lib/tor/hidden_service/ -#HiddenServicePort 80 127.0.0.1:80 - -#HiddenServiceDir /var/lib/tor/other_hidden_service/ -#HiddenServicePort 80 127.0.0.1:80 -#HiddenServicePort 22 127.0.0.1:22 - -################ This section is just for relays ##################### -# -## See https://www.torproject.org/docs/tor-doc-relay for details. - -## Required: what port to advertise for incoming Tor connections. -#ORPort 9001 -## If you want to listen on a port other than the one advertised in -## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as -## follows. You'll need to do ipchains or other port forwarding -## yourself to make this work. -#ORPort 443 NoListen -#ORPort 127.0.0.1:9090 NoAdvertise - -## The IP address or full DNS name for incoming connections to your -## relay. Leave commented out and Tor will guess. -#Address noname.example.com - -## If you have multiple network interfaces, you can specify one for -## outgoing traffic to use. -# OutboundBindAddress 10.0.0.5 - -## A handle for your relay, so people don't have to refer to it by key. -## Nicknames must be between 1 and 19 characters inclusive, and must -## contain only the characters [a-zA-Z0-9]. -#Nickname ididnteditheconfig - -## Define these to limit how much relayed traffic you will allow. Your -## own traffic is still unthrottled. Note that RelayBandwidthRate must -## be at least 75 kilobytes per second. -## Note that units for these config options are bytes (per second), not -## bits (per second), and that prefixes are binary prefixes, i.e. 2^10, -## 2^20, etc. -#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps) -#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB (1600Kb) - -## Use these to restrict the maximum traffic per day, week, or month. -## Note that this threshold applies separately to sent and received bytes, -## not to their sum: setting "40 GB" may allow up to 80 GB total before -## hibernating. 
-## -## Set a maximum of 40 gigabytes each way per period. -#AccountingMax 40 GBytes -## Each period starts daily at midnight (AccountingMax is per day) -#AccountingStart day 00:00 -## Each period starts on the 3rd of the month at 15:00 (AccountingMax -## is per month) -#AccountingStart month 3 15:00 - -## Administrative contact information for this relay or bridge. This line -## can be used to contact you if your relay or bridge is misconfigured or -## something else goes wrong. Note that we archive and publish all -## descriptors containing these lines and that Google indexes them, so -## spammers might also collect them. You may want to obscure the fact that -## it's an email address and/or generate a new address for this purpose. -#ContactInfo Random Person <nobody AT example dot com> -## You might also include your PGP or GPG fingerprint if you have one: -#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com> - -## Uncomment this to mirror directory information for others. Please do -## if you have enough bandwidth. -#DirPort 9030 # what port to advertise for directory connections -## If you want to listen on a port other than the one advertised in -## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as -## follows. below too. You'll need to do ipchains or other port -## forwarding yourself to make this work. -#DirPort 80 NoListen -#DirPort 127.0.0.1:9091 NoAdvertise -## Uncomment to return an arbitrary blob of html on your DirPort. Now you -## can explain what Tor is if anybody wonders why your IP address is -## contacting them. See contrib/tor-exit-notice.html in Tor's source -## distribution for a sample. -#DirPortFrontPage /etc/tor/tor-exit-notice.html - -## Uncomment this if you run more than one Tor relay, and add the identity -## key fingerprint of each Tor relay you control, even if they're on -## different networks. You declare it here so Tor clients can avoid -## using more than one of your relays in a single circuit. 
See -## https://www.torproject.org/docs/faq#MultipleRelays -## However, you should never include a bridge's fingerprint here, as it would -## break its concealability and potentially reveal its IP/TCP address. -#MyFamily $keyid,$keyid,... - -## A comma-separated list of exit policies. They're considered first -## to last, and the first match wins. -## -## If you want to allow the same ports on IPv4 and IPv6, write your rules -## using accept/reject *. If you want to allow different ports on IPv4 and -## IPv6, write your IPv6 rules using accept6/reject6 *6, and your IPv4 rules -## using accept/reject *4. -## -## If you want to _replace_ the default exit policy, end this with either a -## reject *:* or an accept *:*. Otherwise, you're _augmenting_ (prepending to) -## the default exit policy. Leave commented to just use the default, which is -## described in the man page or at -## https://www.torproject.org/documentation.html -## -## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses -## for issues you might encounter if you use the default exit policy. -## -## If certain IPs and ports are blocked externally, e.g. by your firewall, -## you should update your exit policy to reflect this -- otherwise Tor -## users will be told that those destinations are down. -## -## For security, by default Tor rejects connections to private (local) -## networks, including to the configured primary public IPv4 and IPv6 addresses, -## and any public IPv4 and IPv6 addresses on any interface on the relay. -## See the man page entry for ExitPolicyRejectPrivate if you want to allow -## "exit enclaving". 
-## -#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports on IPv4 and IPv6 but no more -#ExitPolicy accept *:119 # accept nntp ports on IPv4 and IPv6 as well as default exit policy -#ExitPolicy accept *4:119 # accept nntp ports on IPv4 only as well as default exit policy -#ExitPolicy accept6 *6:119 # accept nntp ports on IPv6 only as well as default exit policy -#ExitPolicy reject *:* # no exits allowed - -## Bridge relays (or "bridges") are Tor relays that aren't listed in the -## main directory. Since there is no complete public list of them, even an -## ISP that filters connections to all the known Tor relays probably -## won't be able to block all the bridges. Also, websites won't treat you -## differently because they won't know you're running Tor. If you can -## be a real relay, please do; but if not, be a bridge! -#BridgeRelay 1 -## By default, Tor will advertise your bridge to users through various -## mechanisms like https://bridges.torproject.org/. If you want to run -## a private bridge, for example because you'll give out your bridge -## address manually to your friends, uncomment this line: -#PublishServerDescriptor 0 - |