├── torbox
    ├── files
    │   ├── startup.sh
    │   ├── tor.list
    │   └── torrc
    └── Dockerfile
├── torbox-relay
    ├── files
    │   ├── startup.sh
    │   └── torrc
    └── Dockerfile
├── torbox-hidden
    ├── Dockerfile
    └── files
    │   ├── sshd-key-gen.sh
    │   ├── startup.sh
    │   └── torrc
├── torbox-hidden-apache
    ├── Dockerfile
    └── files
    │   ├── sshd-key-gen.sh
    │   ├── startup.sh
    │   └── torrc
├── LICENSE
└── README.md


/torbox/files/startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | service tor start
3 | sleep 1
4 | tail -f /var/log/tor/log
5 | 


--------------------------------------------------------------------------------
/torbox-relay/files/startup.sh:
--------------------------------------------------------------------------------
1 | #!/bin/sh
2 | service tor start
3 | sleep 1
4 | tail -f /var/log/tor/log
5 | 


--------------------------------------------------------------------------------
/torbox/files/tor.list:
--------------------------------------------------------------------------------
1 | deb http://deb.torproject.org/torproject.org stable main
2 | deb-src http://deb.torproject.org/torproject.org stable main
3 | 


--------------------------------------------------------------------------------
/torbox-relay/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM hsaito/torbox
2 | MAINTAINER Hideki Saito <hideki@hidekisaito.com>
3 | ADD files/torrc /etc/tor/torrc
4 | EXPOSE 9001
5 | ENTRYPOINT ["sudo -u debian-tor tor"]
6 | ADD files/startup.sh /startup.sh
7 | ENTRYPOINT /startup.sh
8 | 


--------------------------------------------------------------------------------
/torbox-hidden/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM hsaito/torbox
 2 | MAINTAINER Hideki Saito <hideki@hidekisaito.com>
 3 | RUN apt-get install -y openssh-server lighttpd
 4 | ADD files/torrc /etc/tor/torrc
 5 | RUN mkdir -p /var/run/sshd
 6 | RUN echo root:changeme | chpasswd
 7 | ADD files/startup.sh /startup.sh
 8 | ADD files/sshd-key-gen.sh /sshd-key-gen.sh
 9 | ENTRYPOINT /startup.sh
10 | 


--------------------------------------------------------------------------------
/torbox-hidden-apache/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM hsaito/torbox
 2 | MAINTAINER Hideki Saito <hideki@hidekisaito.com>
 3 | RUN apt-get install -y openssh-server apache2
 4 | ADD files/torrc /etc/tor/torrc
 5 | RUN mkdir -p /var/run/sshd
 6 | RUN echo root:changeme | chpasswd
 7 | ADD files/startup.sh /startup.sh
 8 | ADD files/sshd-key-gen.sh /sshd-key-gen.sh
 9 | ENTRYPOINT /startup.sh
10 | 


--------------------------------------------------------------------------------
/torbox/Dockerfile:
--------------------------------------------------------------------------------
 1 | FROM debian:stable
 2 | MAINTAINER Hideki Saito <hideki@hidekisaito.com>
 3 | RUN apt-get update && apt-get install -y gnupg
 4 | RUN /usr/bin/gpg --keyserver pgp.mit.edu --recv 74A941BA219EC810
 5 | RUN /usr/bin/gpg --export 74A941BA219EC810 | apt-key add -
 6 | RUN files/tor.list /etc/apt/sources.list.d/
 7 | RUN apt-get update && apt-get install -y tor sudo
 8 | ADD files/torrc /etc/tor/torrc
 9 | EXPOSE 9050
10 | ADD files/startup.sh /startup.sh
11 | ENTRYPOINT /startup.sh
12 | 
13 | 


--------------------------------------------------------------------------------
/torbox-hidden/files/sshd-key-gen.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # sshd-key-gen.sh
 3 | # post-apply script that properly manages ssh authentication keys
 4 | # Install in /var/radmind/postapply
 5 | 
 6 | SSHKEYGEN=/usr/bin/ssh-keygen
 7 | 
 8 | $SSHKEYGEN -q -t rsa  -f /etc/ssh/ssh_host_rsa_key -N "" \
 9 | -C "" < /dev/null > /dev/null 2> /dev/null
10 | echo "Created /etc/ssh_host_rsa_key"
11 | 
12 | $SSHKEYGEN -q -t dsa  -f /etc/ssh/ssh_host_dsa_key -N "" \
13 | -C "" < /dev/null > /dev/null 2> /dev/null
14 | echo "Created /etc/ssh_host_dsa_key"
15 | 
16 | exit 0
17 | 


--------------------------------------------------------------------------------
/torbox-hidden-apache/files/sshd-key-gen.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | # sshd-key-gen.sh
 3 | # post-apply script that properly manages ssh authentication keys
 4 | # Install in /var/radmind/postapply
 5 | 
 6 | SSHKEYGEN=/usr/bin/ssh-keygen
 7 | 
 8 | $SSHKEYGEN -q -t rsa  -f /etc/ssh/ssh_host_rsa_key -N "" \
 9 | -C "" < /dev/null > /dev/null 2> /dev/null
10 | echo "Created /etc/ssh_host_rsa_key"
11 | 
12 | $SSHKEYGEN -q -t dsa  -f /etc/ssh/ssh_host_dsa_key -N "" \
13 | -C "" < /dev/null > /dev/null 2> /dev/null
14 | echo "Created /etc/ssh_host_dsa_key"
15 | 
16 | exit 0
17 | 


--------------------------------------------------------------------------------
/torbox-hidden/files/startup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | service lighttpd start
 3 | 
 4 | if [ -f /var/lib/tor/hidden_service/hostname ]; then
 5 | 	echo "Your hostname:"
 6 | 	cat /var/lib/tor/hidden_service/hostname
 7 | else
 8 | 	echo "Starting up Tor briefly to generate your hidden service hostname. Please wait..."
 9 | 	service tor start & sleep 10; service tor stop ; echo "Your hostname:" ; cat /var/lib/tor/hidden_service/hostname
10 | 	echo "Regenerating server keys..."
11 | 	chmod +x /sshd-key-gen.sh ; /sshd-key-gen.sh
12 | 	rm /sshd-key-gen.sh
13 | fi
14 | service ssh start
15 | service tor start
16 | sleep 1
17 | tail -f /var/log/tor/log
18 | 


--------------------------------------------------------------------------------
/torbox-hidden-apache/files/startup.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/sh
 2 | service lighttpd start
 3 | 
 4 | if [ -f /var/lib/tor/hidden_service/hostname ]; then
 5 | 	echo "Your hostname:"
 6 | 	cat /var/lib/tor/hidden_service/hostname
 7 | else
 8 | 	echo "Starting up Tor briefly to generate your hidden service hostname. Please wait..."
 9 | 	service tor start & sleep 10; service tor stop ; echo "Your hostname:" ; cat /var/lib/tor/hidden_service/hostname
10 | 	echo "Regenerating server keys..."
11 | 	chmod +x /sshd-key-gen.sh ; /sshd-key-gen.sh
12 | 	rm /sshd-key-gen.sh
13 | fi
14 | service ssh start
15 | service tor start
16 | sleep 1
17 | tail -f /var/log/tor/log
18 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | The MIT License (MIT)
 2 | 
 3 | Copyright (c) 2015 Hideki Saito
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | docker-torbox
 2 | =============
 3 | 
 4 | docker-torbox is a set of Dockerfile and its dependencies to create Docker image of Tor, an Anonymyzing proxy. 
 5 | 
 6 | More information about Tor can be found at http://torproject.org/
 7 | 
 8 | There are two kind of image definitions in this repository.
 9 | 
10 | torbox
11 | ------
12 | This version provides SOCKS proxy. Please note that this does not automatically provide browser access through Tor; it is expected that it is configured elsewhere. (and there are far easier solution if that's all you needed.)
13 | 
14 | This is more useful for application such as Bitmessage and others that has settings for SOCKS.
15 | 
16 | Pre-built build is available at:
17 | https://registry.hub.docker.com/u/hsaito/torbox/
18 | 
19 | torbox-relay
20 | ------------
21 | This version does not provide SOCKS proxy, but provides relay capability.
22 | 
23 | Pre-built build is available at:
24 | https://registry.hub.docker.com/u/hsaito/torbox-relay/
25 | 
26 | torbox-hidden
27 | -------------
28 | This version provides hidden service. It currently used lighttpd. Tor behaviors are different from above two as this container will try to obtain .onion address when it is not present at first run. Container log will display effective .onion address every time it is started.
29 | 
30 | Pre-built build is available at:
31 | https://registry.hub.docker.com/u/hsaito/torbox-hidden/
32 | 


--------------------------------------------------------------------------------
/torbox-relay/files/torrc:
--------------------------------------------------------------------------------
  1 | ## Configuration file for a typical Tor user
  2 | ## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
  3 | ## (may or may not work for much older or much newer versions of Tor.)
  4 | ##
  5 | ## Lines that begin with "## " try to explain what's going on. Lines
  6 | ## that begin with just "#" are disabled commands: you can enable them
  7 | ## by removing the "#" symbol.
  8 | ##
  9 | ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 10 | ## for more options you can use in this file.
 11 | ##
 12 | ## Tor will look for this file in various places based on your platform:
 13 | ## https://www.torproject.org/docs/faq#torrc
 14 | 
 15 | ## Tor opens a socks proxy on port 9050 by default -- even if you don't
 16 | ## configure one below. Set "SocksPort 0" if you plan to run Tor only
 17 | ## as a relay, and not make any local application connections yourself.
 18 | #SocksPort 0.0.0.0:9050 # Default: Bind to localhost:9050 for local connections.
 19 | #SocksPort 192.168.0.1:9100 # Bind to this address:port too.
 20 | 
 21 | SocksPort 0
 22 | 
 23 | ## Entry policies to allow/deny SOCKS requests based on IP address.
 24 | ## First entry that matches wins. If no SocksPolicy is set, we accept
 25 | ## all (and only) requests that reach a SocksPort. Untrusted users who
 26 | ## can access your SocksPort may be able to learn about the connections
 27 | ## you make.
 28 | #SocksPolicy accept 192.168.0.0/16
 29 | #SocksPolicy reject *
 30 | 
 31 | ## Logs go to stdout at level "notice" unless redirected by something
 32 | ## else, like one of the below lines. You can have as many Log lines as
 33 | ## you want.
 34 | ##
 35 | ## We advise using "notice" in most cases, since anything more verbose
 36 | ## may provide sensitive information to an attacker who obtains the logs.
 37 | ##
 38 | ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 39 | #Log notice file /var/log/tor/notices.log
 40 | ## Send every possible message to /var/log/tor/debug.log
 41 | #Log debug file /var/log/tor/debug.log
 42 | ## Use the system log instead of Tor's logfiles
 43 | #Log notice syslog
 44 | ## To send all messages to stderr:
 45 | #Log debug stderr
 46 | 
 47 | ## Uncomment this to start the process in the background... or use
 48 | ## --runasdaemon 1 on the command line. This is ignored on Windows;
 49 | ## see the FAQ entry if you want Tor to run as an NT service.
 50 | #RunAsDaemon 1
 51 | 
 52 | ## The directory for keeping all the keys/etc. By default, we store
 53 | ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 54 | #DataDirectory /var/lib/tor
 55 | 
 56 | ## The port on which Tor will listen for local connections from Tor
 57 | ## controller applications, as documented in control-spec.txt.
 58 | #ControlPort 9051
 59 | ## If you enable the controlport, be sure to enable one of these
 60 | ## authentication methods, to prevent attackers from accessing it.
 61 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
 62 | #CookieAuthentication 1
 63 | 
 64 | ############### This section is just for location-hidden services ###
 65 | 
 66 | ## Once you have configured a hidden service, you can look at the
 67 | ## contents of the file ".../hidden_service/hostname" for the address
 68 | ## to tell people.
 69 | ##
 70 | ## HiddenServicePort x y:z says to redirect requests on port x to the
 71 | ## address y:z.
 72 | 
 73 | #HiddenServiceDir /var/lib/tor/hidden_service/
 74 | #HiddenServicePort 80 127.0.0.1:80
 75 | 
 76 | #HiddenServiceDir /var/lib/tor/other_hidden_service/
 77 | #HiddenServicePort 80 127.0.0.1:80
 78 | #HiddenServicePort 22 127.0.0.1:22
 79 | 
 80 | ################ This section is just for relays #####################
 81 | #
 82 | ## See https://www.torproject.org/docs/tor-doc-relay for details.
 83 | 
 84 | ## Required: what port to advertise for incoming Tor connections.
 85 | ORPort 9001
 86 | ## If you want to listen on a port other than the one advertised in
 87 | ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
 88 | ## follows.  You'll need to do ipchains or other port forwarding
 89 | ## yourself to make this work.
 90 | #ORPort 443 NoListen
 91 | #ORPort 127.0.0.1:9090 NoAdvertise
 92 | 
 93 | ## The IP address or full DNS name for incoming connections to your
 94 | ## relay. Leave commented out and Tor will guess.
 95 | #Address noname.example.com
 96 | 
 97 | ## If you have multiple network interfaces, you can specify one for
 98 | ## outgoing traffic to use.
 99 | # OutboundBindAddress 10.0.0.5
100 | 
101 | ## A handle for your relay, so people don't have to refer to it by key.
102 | #Nickname ididnteditheconfig
103 | 
104 | ## Define these to limit how much relayed traffic you will allow. Your
105 | ## own traffic is still unthrottled. Note that RelayBandwidthRate must
106 | ## be at least 20 KB.
107 | ## Note that units for these config options are bytes per second, not bits
108 | ## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
109 | #RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
110 | #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
111 | 
112 | ## Use these to restrict the maximum traffic per day, week, or month.
113 | ## Note that this threshold applies separately to sent and received bytes,
114 | ## not to their sum: setting "4 GB" may allow up to 8 GB total before
115 | ## hibernating.
116 | ##
117 | ## Set a maximum of 4 gigabytes each way per period.
118 | #AccountingMax 4 GB
119 | ## Each period starts daily at midnight (AccountingMax is per day)
120 | #AccountingStart day 00:00
121 | ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
122 | ## is per month)
123 | #AccountingStart month 3 15:00
124 | 
125 | ## Contact info to be published in the directory, so we can contact you
126 | ## if your relay is misconfigured or something else goes wrong. Google
127 | ## indexes this, so spammers might also collect it.
128 | #ContactInfo Random Person <nobody AT example dot com>
129 | ## You might also include your PGP or GPG fingerprint if you have one:
130 | #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
131 | 
132 | ## Uncomment this to mirror directory information for others. Please do
133 | ## if you have enough bandwidth.
134 | #DirPort 9030 # what port to advertise for directory connections
135 | ## If you want to listen on a port other than the one advertised in
136 | ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
137 | ## follows.  below too. You'll need to do ipchains or other port
138 | ## forwarding yourself to make this work.
139 | #DirPort 80 NoListen
140 | #DirPort 127.0.0.1:9091 NoAdvertise
141 | ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
142 | ## can explain what Tor is if anybody wonders why your IP address is
143 | ## contacting them. See contrib/tor-exit-notice.html in Tor's source
144 | ## distribution for a sample.
145 | #DirPortFrontPage /etc/tor/tor-exit-notice.html
146 | 
147 | ## Uncomment this if you run more than one Tor relay, and add the identity
148 | ## key fingerprint of each Tor relay you control, even if they're on
149 | ## different networks. You declare it here so Tor clients can avoid
150 | ## using more than one of your relays in a single circuit. See
151 | ## https://www.torproject.org/docs/faq#MultipleRelays
152 | ## However, you should never include a bridge's fingerprint here, as it would
153 | ## break its concealability and potentionally reveal its IP/TCP address.
154 | #MyFamily $keyid,$keyid,...
155 | 
156 | ## A comma-separated list of exit policies. They're considered first
157 | ## to last, and the first match wins. If you want to _replace_
158 | ## the default exit policy, end this with either a reject *:* or an
159 | ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
160 | ## default exit policy. Leave commented to just use the default, which is
161 | ## described in the man page or at
162 | ## https://www.torproject.org/documentation.html
163 | ##
164 | ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
165 | ## for issues you might encounter if you use the default exit policy.
166 | ##
167 | ## If certain IPs and ports are blocked externally, e.g. by your firewall,
168 | ## you should update your exit policy to reflect this -- otherwise Tor
169 | ## users will be told that those destinations are down.
170 | ##
171 | ## For security, by default Tor rejects connections to private (local)
172 | ## networks, including to your public IP address. See the man page entry
173 | ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
174 | ##
175 | #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
176 | #ExitPolicy accept *:119 # accept nntp as well as default exit policy
177 | ExitPolicy reject *:* # no exits allowed
178 | 
179 | ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
180 | ## main directory. Since there is no complete public list of them, even an
181 | ## ISP that filters connections to all the known Tor relays probably
182 | ## won't be able to block all the bridges. Also, websites won't treat you
183 | ## differently because they won't know you're running Tor. If you can
184 | ## be a real relay, please do; but if not, be a bridge!
185 | #BridgeRelay 1
186 | ## By default, Tor will advertise your bridge to users through various
187 | ## mechanisms like https://bridges.torproject.org/. If you want to run
188 | ## a private bridge, for example because you'll give out your bridge
189 | ## address manually to your friends, uncomment this line:
190 | #PublishServerDescriptor 0
191 | 
192 | 


--------------------------------------------------------------------------------
/torbox/files/torrc:
--------------------------------------------------------------------------------
  1 | ## Configuration file for a typical Tor user
  2 | ## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
  3 | ## (may or may not work for much older or much newer versions of Tor.)
  4 | ##
  5 | ## Lines that begin with "## " try to explain what's going on. Lines
  6 | ## that begin with just "#" are disabled commands: you can enable them
  7 | ## by removing the "#" symbol.
  8 | ##
  9 | ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 10 | ## for more options you can use in this file.
 11 | ##
 12 | ## Tor will look for this file in various places based on your platform:
 13 | ## https://www.torproject.org/docs/faq#torrc
 14 | 
 15 | ## Tor opens a socks proxy on port 9050 by default -- even if you don't
 16 | ## configure one below. Set "SocksPort 0" if you plan to run Tor only
 17 | ## as a relay, and not make any local application connections yourself.
 18 | SocksPort 0.0.0.0:9050 # Default: Bind to localhost:9050 for local connections.
 19 | #SocksPort 192.168.0.1:9100 # Bind to this address:port too.
 20 | 
 21 | ## Entry policies to allow/deny SOCKS requests based on IP address.
 22 | ## First entry that matches wins. If no SocksPolicy is set, we accept
 23 | ## all (and only) requests that reach a SocksPort. Untrusted users who
 24 | ## can access your SocksPort may be able to learn about the connections
 25 | ## you make.
 26 | #SocksPolicy accept 192.168.0.0/16
 27 | #SocksPolicy reject *
 28 | 
 29 | SocksPolicy accept *
 30 | 
 31 | ## Logs go to stdout at level "notice" unless redirected by something
 32 | ## else, like one of the below lines. You can have as many Log lines as
 33 | ## you want.
 34 | ##
 35 | ## We advise using "notice" in most cases, since anything more verbose
 36 | ## may provide sensitive information to an attacker who obtains the logs.
 37 | ##
 38 | ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 39 | #Log notice file /var/log/tor/notices.log
 40 | ## Send every possible message to /var/log/tor/debug.log
 41 | #Log debug file /var/log/tor/debug.log
 42 | ## Use the system log instead of Tor's logfiles
 43 | #Log notice syslog
 44 | ## To send all messages to stderr:
 45 | #Log debug stderr
 46 | 
 47 | ## Uncomment this to start the process in the background... or use
 48 | ## --runasdaemon 1 on the command line. This is ignored on Windows;
 49 | ## see the FAQ entry if you want Tor to run as an NT service.
 50 | #RunAsDaemon 1
 51 | 
 52 | ## The directory for keeping all the keys/etc. By default, we store
 53 | ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 54 | #DataDirectory /var/lib/tor
 55 | 
 56 | ## The port on which Tor will listen for local connections from Tor
 57 | ## controller applications, as documented in control-spec.txt.
 58 | #ControlPort 9051
 59 | ## If you enable the controlport, be sure to enable one of these
 60 | ## authentication methods, to prevent attackers from accessing it.
 61 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
 62 | #CookieAuthentication 1
 63 | 
 64 | ############### This section is just for location-hidden services ###
 65 | 
 66 | ## Once you have configured a hidden service, you can look at the
 67 | ## contents of the file ".../hidden_service/hostname" for the address
 68 | ## to tell people.
 69 | ##
 70 | ## HiddenServicePort x y:z says to redirect requests on port x to the
 71 | ## address y:z.
 72 | 
 73 | #HiddenServiceDir /var/lib/tor/hidden_service/
 74 | #HiddenServicePort 80 127.0.0.1:80
 75 | 
 76 | #HiddenServiceDir /var/lib/tor/other_hidden_service/
 77 | #HiddenServicePort 80 127.0.0.1:80
 78 | #HiddenServicePort 22 127.0.0.1:22
 79 | 
 80 | ################ This section is just for relays #####################
 81 | #
 82 | ## See https://www.torproject.org/docs/tor-doc-relay for details.
 83 | 
 84 | ## Required: what port to advertise for incoming Tor connections.
 85 | ## ORPort 9001
 86 | ## If you want to listen on a port other than the one advertised in
 87 | ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
 88 | ## follows.  You'll need to do ipchains or other port forwarding
 89 | ## yourself to make this work.
 90 | #ORPort 443 NoListen
 91 | #ORPort 127.0.0.1:9090 NoAdvertise
 92 | 
 93 | ## The IP address or full DNS name for incoming connections to your
 94 | ## relay. Leave commented out and Tor will guess.
 95 | #Address noname.example.com
 96 | 
 97 | ## If you have multiple network interfaces, you can specify one for
 98 | ## outgoing traffic to use.
 99 | # OutboundBindAddress 10.0.0.5
100 | 
101 | ## A handle for your relay, so people don't have to refer to it by key.
102 | #Nickname ididnteditheconfig
103 | 
104 | ## Define these to limit how much relayed traffic you will allow. Your
105 | ## own traffic is still unthrottled. Note that RelayBandwidthRate must
106 | ## be at least 20 KB.
107 | ## Note that units for these config options are bytes per second, not bits
108 | ## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
109 | #RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
110 | #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
111 | 
112 | ## Use these to restrict the maximum traffic per day, week, or month.
113 | ## Note that this threshold applies separately to sent and received bytes,
114 | ## not to their sum: setting "4 GB" may allow up to 8 GB total before
115 | ## hibernating.
116 | ##
117 | ## Set a maximum of 4 gigabytes each way per period.
118 | #AccountingMax 4 GB
119 | ## Each period starts daily at midnight (AccountingMax is per day)
120 | #AccountingStart day 00:00
121 | ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
122 | ## is per month)
123 | #AccountingStart month 3 15:00
124 | 
125 | ## Contact info to be published in the directory, so we can contact you
126 | ## if your relay is misconfigured or something else goes wrong. Google
127 | ## indexes this, so spammers might also collect it.
128 | #ContactInfo Random Person <nobody AT example dot com>
129 | ## You might also include your PGP or GPG fingerprint if you have one:
130 | #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
131 | 
132 | ## Uncomment this to mirror directory information for others. Please do
133 | ## if you have enough bandwidth.
134 | #DirPort 9030 # what port to advertise for directory connections
135 | ## If you want to listen on a port other than the one advertised in
136 | ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
137 | ## follows.  below too. You'll need to do ipchains or other port
138 | ## forwarding yourself to make this work.
139 | #DirPort 80 NoListen
140 | #DirPort 127.0.0.1:9091 NoAdvertise
141 | ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
142 | ## can explain what Tor is if anybody wonders why your IP address is
143 | ## contacting them. See contrib/tor-exit-notice.html in Tor's source
144 | ## distribution for a sample.
145 | #DirPortFrontPage /etc/tor/tor-exit-notice.html
146 | 
147 | ## Uncomment this if you run more than one Tor relay, and add the identity
148 | ## key fingerprint of each Tor relay you control, even if they're on
149 | ## different networks. You declare it here so Tor clients can avoid
150 | ## using more than one of your relays in a single circuit. See
151 | ## https://www.torproject.org/docs/faq#MultipleRelays
152 | ## However, you should never include a bridge's fingerprint here, as it would
153 | ## break its concealability and potentionally reveal its IP/TCP address.
154 | #MyFamily $keyid,$keyid,...
155 | 
156 | ## A comma-separated list of exit policies. They're considered first
157 | ## to last, and the first match wins. If you want to _replace_
158 | ## the default exit policy, end this with either a reject *:* or an
159 | ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
160 | ## default exit policy. Leave commented to just use the default, which is
161 | ## described in the man page or at
162 | ## https://www.torproject.org/documentation.html
163 | ##
164 | ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
165 | ## for issues you might encounter if you use the default exit policy.
166 | ##
167 | ## If certain IPs and ports are blocked externally, e.g. by your firewall,
168 | ## you should update your exit policy to reflect this -- otherwise Tor
169 | ## users will be told that those destinations are down.
170 | ##
171 | ## For security, by default Tor rejects connections to private (local)
172 | ## networks, including to your public IP address. See the man page entry
173 | ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
174 | ##
175 | #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
176 | #ExitPolicy accept *:119 # accept nntp as well as default exit policy
177 | #ExitPolicy reject *:* # no exits allowed
178 | 
179 | ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
180 | ## main directory. Since there is no complete public list of them, even an
181 | ## ISP that filters connections to all the known Tor relays probably
182 | ## won't be able to block all the bridges. Also, websites won't treat you
183 | ## differently because they won't know you're running Tor. If you can
184 | ## be a real relay, please do; but if not, be a bridge!
185 | #BridgeRelay 1
186 | ## By default, Tor will advertise your bridge to users through various
187 | ## mechanisms like https://bridges.torproject.org/. If you want to run
188 | ## a private bridge, for example because you'll give out your bridge
189 | ## address manually to your friends, uncomment this line:
190 | #PublishServerDescriptor 0
191 | 
192 | 


--------------------------------------------------------------------------------
/torbox-hidden/files/torrc:
--------------------------------------------------------------------------------
  1 | ## Configuration file for a typical Tor user
  2 | ## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
  3 | ## (may or may not work for much older or much newer versions of Tor.)
  4 | ##
  5 | ## Lines that begin with "## " try to explain what's going on. Lines
  6 | ## that begin with just "#" are disabled commands: you can enable them
  7 | ## by removing the "#" symbol.
  8 | ##
  9 | ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 10 | ## for more options you can use in this file.
 11 | ##
 12 | ## Tor will look for this file in various places based on your platform:
 13 | ## https://www.torproject.org/docs/faq#torrc
 14 | 
 15 | ## Tor opens a socks proxy on port 9050 by default -- even if you don't
 16 | ## configure one below. Set "SocksPort 0" if you plan to run Tor only
 17 | ## as a relay, and not make any local application connections yourself.
 18 | #SocksPort 0.0.0.0:9050 # Default: Bind to localhost:9050 for local connections.
 19 | #SocksPort 192.168.0.1:9100 # Bind to this address:port too.
 20 | 
 21 | SocksPort 0
 22 | 
 23 | ## Entry policies to allow/deny SOCKS requests based on IP address.
 24 | ## First entry that matches wins. If no SocksPolicy is set, we accept
 25 | ## all (and only) requests that reach a SocksPort. Untrusted users who
 26 | ## can access your SocksPort may be able to learn about the connections
 27 | ## you make.
 28 | #SocksPolicy accept 192.168.0.0/16
 29 | #SocksPolicy reject *
 30 | 
 31 | ## Logs go to stdout at level "notice" unless redirected by something
 32 | ## else, like one of the below lines. You can have as many Log lines as
 33 | ## you want.
 34 | ##
 35 | ## We advise using "notice" in most cases, since anything more verbose
 36 | ## may provide sensitive information to an attacker who obtains the logs.
 37 | ##
 38 | ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 39 | #Log notice file /var/log/tor/notices.log
 40 | ## Send every possible message to /var/log/tor/debug.log
 41 | #Log debug file /var/log/tor/debug.log
 42 | ## Use the system log instead of Tor's logfiles
 43 | #Log notice syslog
 44 | ## To send all messages to stderr:
 45 | #Log debug stderr
 46 | 
 47 | ## Uncomment this to start the process in the background... or use
 48 | ## --runasdaemon 1 on the command line. This is ignored on Windows;
 49 | ## see the FAQ entry if you want Tor to run as an NT service.
 50 | #RunAsDaemon 1
 51 | 
 52 | ## The directory for keeping all the keys/etc. By default, we store
 53 | ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 54 | #DataDirectory /var/lib/tor
 55 | 
 56 | ## The port on which Tor will listen for local connections from Tor
 57 | ## controller applications, as documented in control-spec.txt.
 58 | #ControlPort 9051
 59 | ## If you enable the controlport, be sure to enable one of these
 60 | ## authentication methods, to prevent attackers from accessing it.
 61 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
 62 | #CookieAuthentication 1
 63 | 
 64 | ############### This section is just for location-hidden services ###
 65 | 
 66 | ## Once you have configured a hidden service, you can look at the
 67 | ## contents of the file ".../hidden_service/hostname" for the address
 68 | ## to tell people.
 69 | ##
 70 | ## HiddenServicePort x y:z says to redirect requests on port x to the
 71 | ## address y:z.
 72 | 
 73 | HiddenServiceDir /var/lib/tor/hidden_service/
 74 | HiddenServicePort 80 127.0.0.1:80
 75 | HiddenServicePort 22 127.0.0.1:22
 76 | 
 77 | #HiddenServiceDir /var/lib/tor/other_hidden_service/
 78 | #HiddenServicePort 80 127.0.0.1:80
 79 | #HiddenServicePort 22 127.0.0.1:22
 80 | 
 81 | ################ This section is just for relays #####################
 82 | #
 83 | ## See https://www.torproject.org/docs/tor-doc-relay for details.
 84 | 
 85 | ## Required: what port to advertise for incoming Tor connections.
 86 | ## ORPort 9001
 87 | ## If you want to listen on a port other than the one advertised in
 88 | ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
 89 | ## follows.  You'll need to do ipchains or other port forwarding
 90 | ## yourself to make this work.
 91 | #ORPort 443 NoListen
 92 | #ORPort 127.0.0.1:9090 NoAdvertise
 93 | 
 94 | ## The IP address or full DNS name for incoming connections to your
 95 | ## relay. Leave commented out and Tor will guess.
 96 | #Address noname.example.com
 97 | 
 98 | ## If you have multiple network interfaces, you can specify one for
 99 | ## outgoing traffic to use.
100 | # OutboundBindAddress 10.0.0.5
101 | 
102 | ## A handle for your relay, so people don't have to refer to it by key.
103 | #Nickname ididnteditheconfig
104 | 
105 | ## Define these to limit how much relayed traffic you will allow. Your
106 | ## own traffic is still unthrottled. Note that RelayBandwidthRate must
107 | ## be at least 20 KB.
108 | ## Note that units for these config options are bytes per second, not bits
109 | ## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
110 | #RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
111 | #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
112 | 
113 | ## Use these to restrict the maximum traffic per day, week, or month.
114 | ## Note that this threshold applies separately to sent and received bytes,
115 | ## not to their sum: setting "4 GB" may allow up to 8 GB total before
116 | ## hibernating.
117 | ##
118 | ## Set a maximum of 4 gigabytes each way per period.
119 | #AccountingMax 4 GB
120 | ## Each period starts daily at midnight (AccountingMax is per day)
121 | #AccountingStart day 00:00
122 | ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
123 | ## is per month)
124 | #AccountingStart month 3 15:00
125 | 
126 | ## Contact info to be published in the directory, so we can contact you
127 | ## if your relay is misconfigured or something else goes wrong. Google
128 | ## indexes this, so spammers might also collect it.
129 | #ContactInfo Random Person <nobody AT example dot com>
130 | ## You might also include your PGP or GPG fingerprint if you have one:
131 | #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
132 | 
133 | ## Uncomment this to mirror directory information for others. Please do
134 | ## if you have enough bandwidth.
135 | #DirPort 9030 # what port to advertise for directory connections
136 | ## If you want to listen on a port other than the one advertised in
137 | ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
138 | ## follows.  below too. You'll need to do ipchains or other port
139 | ## forwarding yourself to make this work.
140 | #DirPort 80 NoListen
141 | #DirPort 127.0.0.1:9091 NoAdvertise
142 | ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
143 | ## can explain what Tor is if anybody wonders why your IP address is
144 | ## contacting them. See contrib/tor-exit-notice.html in Tor's source
145 | ## distribution for a sample.
146 | #DirPortFrontPage /etc/tor/tor-exit-notice.html
147 | 
148 | ## Uncomment this if you run more than one Tor relay, and add the identity
149 | ## key fingerprint of each Tor relay you control, even if they're on
150 | ## different networks. You declare it here so Tor clients can avoid
151 | ## using more than one of your relays in a single circuit. See
152 | ## https://www.torproject.org/docs/faq#MultipleRelays
153 | ## However, you should never include a bridge's fingerprint here, as it would
154 | ## break its concealability and potentionally reveal its IP/TCP address.
155 | #MyFamily $keyid,$keyid,...
156 | 
157 | ## A comma-separated list of exit policies. They're considered first
158 | ## to last, and the first match wins. If you want to _replace_
159 | ## the default exit policy, end this with either a reject *:* or an
160 | ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
161 | ## default exit policy. Leave commented to just use the default, which is
162 | ## described in the man page or at
163 | ## https://www.torproject.org/documentation.html
164 | ##
165 | ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
166 | ## for issues you might encounter if you use the default exit policy.
167 | ##
168 | ## If certain IPs and ports are blocked externally, e.g. by your firewall,
169 | ## you should update your exit policy to reflect this -- otherwise Tor
170 | ## users will be told that those destinations are down.
171 | ##
172 | ## For security, by default Tor rejects connections to private (local)
173 | ## networks, including to your public IP address. See the man page entry
174 | ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
175 | ##
176 | #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
177 | #ExitPolicy accept *:119 # accept nntp as well as default exit policy
178 | #ExitPolicy reject *:* # no exits allowed
179 | 
180 | ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
181 | ## main directory. Since there is no complete public list of them, even an
182 | ## ISP that filters connections to all the known Tor relays probably
183 | ## won't be able to block all the bridges. Also, websites won't treat you
184 | ## differently because they won't know you're running Tor. If you can
185 | ## be a real relay, please do; but if not, be a bridge!
186 | #BridgeRelay 1
187 | ## By default, Tor will advertise your bridge to users through various
188 | ## mechanisms like https://bridges.torproject.org/. If you want to run
189 | ## a private bridge, for example because you'll give out your bridge
190 | ## address manually to your friends, uncomment this line:
191 | #PublishServerDescriptor 0
192 | 
193 | 


--------------------------------------------------------------------------------
/torbox-hidden-apache/files/torrc:
--------------------------------------------------------------------------------
  1 | ## Configuration file for a typical Tor user
  2 | ## Last updated 12 September 2012 for Tor 0.2.4.3-alpha.
  3 | ## (may or may not work for much older or much newer versions of Tor.)
  4 | ##
  5 | ## Lines that begin with "## " try to explain what's going on. Lines
  6 | ## that begin with just "#" are disabled commands: you can enable them
  7 | ## by removing the "#" symbol.
  8 | ##
  9 | ## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 10 | ## for more options you can use in this file.
 11 | ##
 12 | ## Tor will look for this file in various places based on your platform:
 13 | ## https://www.torproject.org/docs/faq#torrc
 14 | 
 15 | ## Tor opens a socks proxy on port 9050 by default -- even if you don't
 16 | ## configure one below. Set "SocksPort 0" if you plan to run Tor only
 17 | ## as a relay, and not make any local application connections yourself.
 18 | #SocksPort 0.0.0.0:9050 # Default: Bind to localhost:9050 for local connections.
 19 | #SocksPort 192.168.0.1:9100 # Bind to this address:port too.
 20 | 
 21 | SocksPort 0
 22 | 
 23 | ## Entry policies to allow/deny SOCKS requests based on IP address.
 24 | ## First entry that matches wins. If no SocksPolicy is set, we accept
 25 | ## all (and only) requests that reach a SocksPort. Untrusted users who
 26 | ## can access your SocksPort may be able to learn about the connections
 27 | ## you make.
 28 | #SocksPolicy accept 192.168.0.0/16
 29 | #SocksPolicy reject *
 30 | 
 31 | ## Logs go to stdout at level "notice" unless redirected by something
 32 | ## else, like one of the below lines. You can have as many Log lines as
 33 | ## you want.
 34 | ##
 35 | ## We advise using "notice" in most cases, since anything more verbose
 36 | ## may provide sensitive information to an attacker who obtains the logs.
 37 | ##
 38 | ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 39 | #Log notice file /var/log/tor/notices.log
 40 | ## Send every possible message to /var/log/tor/debug.log
 41 | #Log debug file /var/log/tor/debug.log
 42 | ## Use the system log instead of Tor's logfiles
 43 | #Log notice syslog
 44 | ## To send all messages to stderr:
 45 | #Log debug stderr
 46 | 
 47 | ## Uncomment this to start the process in the background... or use
 48 | ## --runasdaemon 1 on the command line. This is ignored on Windows;
 49 | ## see the FAQ entry if you want Tor to run as an NT service.
 50 | #RunAsDaemon 1
 51 | 
 52 | ## The directory for keeping all the keys/etc. By default, we store
 53 | ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
 54 | #DataDirectory /var/lib/tor
 55 | 
 56 | ## The port on which Tor will listen for local connections from Tor
 57 | ## controller applications, as documented in control-spec.txt.
 58 | #ControlPort 9051
 59 | ## If you enable the controlport, be sure to enable one of these
 60 | ## authentication methods, to prevent attackers from accessing it.
 61 | #HashedControlPassword 16:872860B76453A77D60CA2BB8C1A7042072093276A3D701AD684053EC4C
 62 | #CookieAuthentication 1
 63 | 
 64 | ############### This section is just for location-hidden services ###
 65 | 
 66 | ## Once you have configured a hidden service, you can look at the
 67 | ## contents of the file ".../hidden_service/hostname" for the address
 68 | ## to tell people.
 69 | ##
 70 | ## HiddenServicePort x y:z says to redirect requests on port x to the
 71 | ## address y:z.
 72 | 
 73 | HiddenServiceDir /var/lib/tor/hidden_service/
 74 | HiddenServicePort 80 127.0.0.1:80
 75 | HiddenServicePort 22 127.0.0.1:22
 76 | 
 77 | #HiddenServiceDir /var/lib/tor/other_hidden_service/
 78 | #HiddenServicePort 80 127.0.0.1:80
 79 | #HiddenServicePort 22 127.0.0.1:22
 80 | 
 81 | ################ This section is just for relays #####################
 82 | #
 83 | ## See https://www.torproject.org/docs/tor-doc-relay for details.
 84 | 
 85 | ## Required: what port to advertise for incoming Tor connections.
 86 | ## ORPort 9001
 87 | ## If you want to listen on a port other than the one advertised in
 88 | ## ORPort (e.g. to advertise 443 but bind to 9090), you can do it as
 89 | ## follows.  You'll need to do ipchains or other port forwarding
 90 | ## yourself to make this work.
 91 | #ORPort 443 NoListen
 92 | #ORPort 127.0.0.1:9090 NoAdvertise
 93 | 
 94 | ## The IP address or full DNS name for incoming connections to your
 95 | ## relay. Leave commented out and Tor will guess.
 96 | #Address noname.example.com
 97 | 
 98 | ## If you have multiple network interfaces, you can specify one for
 99 | ## outgoing traffic to use.
100 | # OutboundBindAddress 10.0.0.5
101 | 
102 | ## A handle for your relay, so people don't have to refer to it by key.
103 | #Nickname ididnteditheconfig
104 | 
105 | ## Define these to limit how much relayed traffic you will allow. Your
106 | ## own traffic is still unthrottled. Note that RelayBandwidthRate must
107 | ## be at least 20 KB.
108 | ## Note that units for these config options are bytes per second, not bits
109 | ## per second, and that prefixes are binary prefixes, i.e. 2^10, 2^20, etc.
110 | #RelayBandwidthRate 100 KB  # Throttle traffic to 100KB/s (800Kbps)
111 | #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
112 | 
113 | ## Use these to restrict the maximum traffic per day, week, or month.
114 | ## Note that this threshold applies separately to sent and received bytes,
115 | ## not to their sum: setting "4 GB" may allow up to 8 GB total before
116 | ## hibernating.
117 | ##
118 | ## Set a maximum of 4 gigabytes each way per period.
119 | #AccountingMax 4 GB
120 | ## Each period starts daily at midnight (AccountingMax is per day)
121 | #AccountingStart day 00:00
122 | ## Each period starts on the 3rd of the month at 15:00 (AccountingMax
123 | ## is per month)
124 | #AccountingStart month 3 15:00
125 | 
126 | ## Contact info to be published in the directory, so we can contact you
127 | ## if your relay is misconfigured or something else goes wrong. Google
128 | ## indexes this, so spammers might also collect it.
129 | #ContactInfo Random Person <nobody AT example dot com>
130 | ## You might also include your PGP or GPG fingerprint if you have one:
131 | #ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
132 | 
133 | ## Uncomment this to mirror directory information for others. Please do
134 | ## if you have enough bandwidth.
135 | #DirPort 9030 # what port to advertise for directory connections
136 | ## If you want to listen on a port other than the one advertised in
137 | ## DirPort (e.g. to advertise 80 but bind to 9091), you can do it as
138 | ## follows.  below too. You'll need to do ipchains or other port
139 | ## forwarding yourself to make this work.
140 | #DirPort 80 NoListen
141 | #DirPort 127.0.0.1:9091 NoAdvertise
142 | ## Uncomment to return an arbitrary blob of html on your DirPort. Now you
143 | ## can explain what Tor is if anybody wonders why your IP address is
144 | ## contacting them. See contrib/tor-exit-notice.html in Tor's source
145 | ## distribution for a sample.
146 | #DirPortFrontPage /etc/tor/tor-exit-notice.html
147 | 
148 | ## Uncomment this if you run more than one Tor relay, and add the identity
149 | ## key fingerprint of each Tor relay you control, even if they're on
150 | ## different networks. You declare it here so Tor clients can avoid
151 | ## using more than one of your relays in a single circuit. See
152 | ## https://www.torproject.org/docs/faq#MultipleRelays
153 | ## However, you should never include a bridge's fingerprint here, as it would
154 | ## break its concealability and potentionally reveal its IP/TCP address.
155 | #MyFamily $keyid,$keyid,...
156 | 
157 | ## A comma-separated list of exit policies. They're considered first
158 | ## to last, and the first match wins. If you want to _replace_
159 | ## the default exit policy, end this with either a reject *:* or an
160 | ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
161 | ## default exit policy. Leave commented to just use the default, which is
162 | ## described in the man page or at
163 | ## https://www.torproject.org/documentation.html
164 | ##
165 | ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
166 | ## for issues you might encounter if you use the default exit policy.
167 | ##
168 | ## If certain IPs and ports are blocked externally, e.g. by your firewall,
169 | ## you should update your exit policy to reflect this -- otherwise Tor
170 | ## users will be told that those destinations are down.
171 | ##
172 | ## For security, by default Tor rejects connections to private (local)
173 | ## networks, including to your public IP address. See the man page entry
174 | ## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
175 | ##
176 | #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
177 | #ExitPolicy accept *:119 # accept nntp as well as default exit policy
178 | #ExitPolicy reject *:* # no exits allowed
179 | 
180 | ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
181 | ## main directory. Since there is no complete public list of them, even an
182 | ## ISP that filters connections to all the known Tor relays probably
183 | ## won't be able to block all the bridges. Also, websites won't treat you
184 | ## differently because they won't know you're running Tor. If you can
185 | ## be a real relay, please do; but if not, be a bridge!
186 | #BridgeRelay 1
187 | ## By default, Tor will advertise your bridge to users through various
188 | ## mechanisms like https://bridges.torproject.org/. If you want to run
189 | ## a private bridge, for example because you'll give out your bridge
190 | ## address manually to your friends, uncomment this line:
191 | #PublishServerDescriptor 0
192 | 
193 | 


--------------------------------------------------------------------------------