torrc - tails

1. root@amnesia:/etc/tor# cat torrc
2. ## Configuration file for a typical Tor user
3. ## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
4. ## (May or may not work for much older or much newer versions of Tor.)
5. ##
6. ## Lines that begin with "## " try to explain what's going on. Lines
7. ## that begin with just "#" are disabled commands: you can enable them
8. ## by removing the "#" symbol.
9. ##
10. ## See the man page, or https://www.torproject.org/tor-manual-dev.html,
11. ## for more options you can use in this file.
12. ##
13. ## Tor will look for this file in various places based on your platform:
14. ## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
15.  
16.  
17. ## Default SocksPort
18. SocksPort 127.0.0.1:9050 IsolateDestAddr IsolateDestPort
19. ## SocksPort for the MUA
20. SocksPort 127.0.0.1:9061 IsolateDestAddr
21. ## SocksPort for Tails-specific applications
22. SocksPort 127.0.0.1:9062 IsolateDestAddr IsolateDestPort
23. ## SocksPort for the default web browser
24. SocksPort 127.0.0.1:9151
25.  
26. ## Entry policies to allow/deny SOCKS requests based on IP address.
27. ## First entry that matches wins. If no SocksPolicy is set, we accept
28. ## all (and only) requests from SocksListenAddress.
29. #SocksPolicy accept 192.168.0.0/16
30. #SocksPolicy reject *
31.  
32. ## Logs go to stdout at level "notice" unless redirected by something
33. ## else, like one of the below lines. You can have as many Log lines as
34. ## you want.
35. ##
36. ## We advise using "notice" in most cases, since anything more verbose
37. ## may provide sensitive information to an attacker who obtains the logs.
38. ##
39. ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
40. #Log notice file /var/log/tor/notices.log
41. ## Send every possible message to /var/log/tor/debug.log
42. #Log debug file /var/log/tor/debug.log
43. ## Use the system log instead of Tor's logfiles
44. #Log notice syslog
45. ## To send all messages to stderr:
46. #Log debug stderr
47.  
48. ## Uncomment this to start the process in the background... or use
49. ## --runasdaemon 1 on the command line. This is ignored on Windows;
50. ## see the FAQ entry if you want Tor to run as an NT service.
51. #RunAsDaemon 1
52.  
53. ## The directory for keeping all the keys/etc. By default, we store
54. ## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
55. #DataDirectory /var/lib/tor
56.  
57. ## The port on which Tor will listen for local connections from Tor
58. ## controller applications, as documented in control-spec.txt.
59. ControlPort 9051
60. ControlListenAddress 127.0.0.1
61.  
62. ############### This section is just for location-hidden services ###
63.  
64. ## Once you have configured a hidden service, you can look at the
65. ## contents of the file ".../hidden_service/hostname" for the address
66. ## to tell people.
67. ##
68. ## HiddenServicePort x y:z says to redirect requests on port x to the
69. ## address y:z.
70.  
71. #HiddenServiceDir /var/lib/tor/hidden_service/
72. #HiddenServicePort 80 127.0.0.1:80
73.  
74. #HiddenServiceDir /var/lib/tor/other_hidden_service/
75. #HiddenServicePort 80 127.0.0.1:80
76. #HiddenServicePort 22 127.0.0.1:22
77.  
78. ################ This section is just for relays #####################
79. #
80. ## See https://www.torproject.org/docs/tor-doc-relay for details.
81.  
82. ## A unique handle for your server.
83. #Nickname ididnteditheconfig
84.  
85. ## The IP or FQDN for your server. Leave commented out and Tor will guess.
86. #Address noname.example.com
87.  
88. ## Define these to limit the bandwidth usage of relayed (server)
89. ## traffic. Your own traffic is still unthrottled.
90. ## Note that RelayBandwidthRate must be at least 20 KB.
91. #RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
92. #RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)
93.  
94. ## Contact info to be published in the directory, so we can contact you
95. ## if your server is misconfigured or something else goes wrong.
96. #ContactInfo Random Person <nobody AT example dot com>
97. ## You might also include your PGP or GPG fingerprint if you have one:
98. #ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
99.  
100. ## Required: what port to advertise for Tor connections.
101. #ORPort 9001
102. ## If you need to listen on a port other than the one advertised
103. ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
104. ## line below too. You'll need to do ipchains or other port forwarding
105. ## yourself to make this work.
106. #ORListenAddress 0.0.0.0:9090
107.  
108. ## Uncomment this to mirror directory information for others. Please do
109. ## if you have enough bandwidth.
110. #DirPort 9030 # what port to advertise for directory connections
111. ## If you need to listen on a port other than the one advertised
112. ## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
113. ## below too. You'll need to do ipchains or other port forwarding yourself
114. ## to make this work.
115. #DirListenAddress 0.0.0.0:9091
116.  
117. ## Uncomment this if you run more than one Tor server, and add the
118. ## nickname of each Tor server you control, even if they're on different
119. ## networks. You declare it here so Tor clients can avoid using more than
120. ## one of your servers in a single circuit. See
121. ## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
122. #MyFamily nickname1,nickname2,...
123.  
124. ## A comma-separated list of exit policies. They're considered first
125. ## to last, and the first match wins. If you want to _replace_
126. ## the default exit policy, end this with either a reject *:* or an
127. ## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
128. ## default exit policy. Leave commented to just use the default, which is
129. ## available in the man page or at https://www.torproject.org/documentation.html
130. ##
131. ## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
132. ## for issues you might encounter if you use the default exit policy.
133. ##
134. ## If certain IPs and ports are blocked externally, e.g. by your firewall,
135. ## you should update your exit policy to reflect this -- otherwise Tor
136. ## users will be told that those destinations are down.
137. ##
138. #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
139. #ExitPolicy accept *:119 # accept nntp as well as default exit policy
140. #ExitPolicy reject *:* # no exits allowed
141. #
142. ################ This section is just for bridge relays ##############
143. #
144. ## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
145. ## main directory. Since there is no complete public list of them, even if an
146. ## ISP is filtering connections to all the known Tor relays, they probably
147. ## won't be able to block all the bridges. Unlike running an exit relay,
148. ## running a bridge relay just passes data to and from the Tor network --
149. ## so it shouldn't expose the operator to abuse complaints.
150.  
151. #ORPort 443
152. #BridgeRelay 1
153. #RelayBandwidthRate 50KBytes
154. #ExitPolicy reject *:*
155.  
156.  
157. ################ Local settings ########################################
158.  
159. ## Torified DNS
160. DNSPort 5353
161. AutomapHostsOnResolve 1
162. AutomapHostsSuffixes .exit,.onion
163.  
164. ## Transparent proxy
165. TransPort 9040
166. TransListenAddress 127.0.0.1
167.  
168. ## Misc
169. AvoidDiskWrites 1
170.  
171. ## We don't care if applications do their own DNS lookups since our Tor
172. ## enforcement will handle it safely.
173. WarnUnsafeSocks 0