/usr/share/arm/settings.cfg

# Important tor configuration options (shown by default)
config.important BandwidthRate
config.important BandwidthBurst
config.important RelayBandwidthRate
config.important RelayBandwidthBurst
config.important ControlPort
config.important HashedControlPassword
config.important CookieAuthentication
config.important DataDirectory
config.important Log
config.important RunAsDaemon
config.important User

config.important Bridge
config.important ExcludeNodes
config.important MaxCircuitDirtiness
config.important SocksPort
config.important UseBridges

config.important BridgeRelay
config.important ContactInfo
config.important ExitPolicy
config.important MyFamily
config.important Nickname
config.important ORPort
config.important PortForwarding
config.important AccountingMax
config.important AccountingStart

config.important DirPortFrontPage
config.important DirPort

config.important HiddenServiceDir
config.important HiddenServicePort

# Summary descriptions for Tor configuration options
# General Config Options
config.summary.BandwidthRate Average bandwidth usage limit
config.summary.BandwidthBurst Maximum bandwidth usage limit
config.summary.MaxAdvertisedBandwidth Limit for the bandwidth we advertise as being available for relaying
config.summary.RelayBandwidthRate Average bandwidth usage limit for relaying
config.summary.RelayBandwidthBurst Maximum bandwidth usage limit for relaying
config.summary.PerConnBWRate Average relayed bandwidth limit per connection
config.summary.PerConnBWBurst Maximum relayed bandwidth limit per connection
config.summary.ConnLimit Minimum number of file descriptors for Tor to start
config.summary.ConstrainedSockets Shrinks sockets to ConstrainedSockSize
config.summary.ConstrainedSockSize Limit for the received and transmit buffers of sockets
config.summary.ControlPort Port providing access to tor controllers (arm, vidalia, etc)
config.summary.ControlListenAddress Address providing controller access
config.summary.ControlSocket Socket providing controller access
config.summary.HashedControlPassword Hash of the password for authenticating to the control port
config.summary.CookieAuthentication If set, authenticates controllers via a cookie
config.summary.CookieAuthFile Location of the authentication cookie
config.summary.CookieAuthFileGroupReadable Group read permissions for the authentication cookie
config.summary.ControlPortWriteToFile Path for a file tor writes containing its control port
config.summary.ControlPortFileGroupReadable Group read permissions for the control port file
config.summary.DataDirectory Location for storing runtime data (state, keys, etc)
config.summary.DirServer Alternative directory authorities
config.summary.AlternateDirAuthority Alternative directory authorities (consensus only)
config.summary.AlternateHSAuthority Alternative directory authorities (hidden services only)
config.summary.AlternateBridgeAuthority Alternative directory authorities (bridges only)
config.summary.DisableAllSwap Locks all allocated memory so they can't be paged out
config.summary.FetchDirInfoEarly Keeps consensus information up to date, even if unnecessary
config.summary.FetchDirInfoExtraEarly Updates consensus information when it's first available
config.summary.FetchHidServDescriptors Toggles if hidden service descriptors are fetched automatically or not
config.summary.FetchServerDescriptors Toggles if the consensus is fetched automatically or not
config.summary.FetchUselessDescriptors Toggles if relay descriptors are fetched when they aren't strictly necessary
config.summary.Group GID for the process when started
config.summary.HttpProxy HTTP proxy for connecting to tor
config.summary.HttpProxyAuthenticator Authentication credentials for HttpProxy
config.summary.HttpsProxy SSL proxy for connecting to tor
config.summary.HttpsProxyAuthenticator Authentication credentials for HttpsProxy
config.summary.Socks4Proxy SOCKS 4 proxy for connecting to tor
config.summary.Socks5Proxy SOCKS 5 for connecting to tor
config.summary.Socks5ProxyUsername Username for connecting to the Socks5Proxy
config.summary.Socks5ProxyPassword Password for connecting to the Socks5Proxy
config.summary.KeepalivePeriod Rate at which to send keepalive packets
config.summary.Log Runlevels and location for tor logging
config.summary.LogMessageDomains Includes a domain when logging messages
config.summary.OutboundBindAddress Sets the IP used for connecting to tor
config.summary.PidFile Path for a file tor writes containing its process id
config.summary.ProtocolWarnings Toggles if protocol errors give warnings or not
config.summary.RunAsDaemon Toggles if tor runs as a daemon process
config.summary.LogTimeGranularity limits granularity of log message timestamps
config.summary.SafeLogging Toggles if logs are scrubbed of sensitive information
config.summary.User UID for the process when started
config.summary.HardwareAccel Toggles if tor attempts to use hardware acceleration
config.summary.AccelName OpenSSL engine name for crypto acceleration
config.summary.AccelDir Crypto acceleration library path
config.summary.AvoidDiskWrites Toggles if tor avoids frequently writing to disk
config.summary.TunnelDirConns Toggles if directory requests can be made over the ORPort
config.summary.PreferTunneledDirConns Avoids directory requests that can't be made over the ORPort if set
config.summary.CircuitPriorityHalflife Overwrite method for prioritizing traffic among relayed connections
config.summary.DisableIOCP Disables use of the Windows IOCP networking API
config.summary.CountPrivateBandwidth Applies rate limiting to private IP addresses

# Client Config Options
config.summary.AllowInvalidNodes Permits use of relays flagged as invalid by authorities
config.summary.ExcludeSingleHopRelays Permits use of relays that allow single hop connections
config.summary.Bridge Available bridges
config.summary.LearnCircuitBuildTimeout Toggles adaptive timeouts for circuit creation
config.summary.CircuitBuildTimeout Initial timeout for circuit creation
config.summary.CircuitIdleTimeout Timeout for closing circuits that have never been used
config.summary.CircuitStreamTimeout Timeout for shifting streams among circuits
config.summary.ClientOnly Ensures that we aren't used as a relay or directory mirror
config.summary.ExcludeNodes Relays or locales never to be used in circuits
config.summary.ExcludeExitNodes Relays or locales never to be used for exits
config.summary.ExitNodes Preferred final hop for circuits
config.summary.EntryNodes Preferred first hops for circuits
config.summary.StrictNodes Never uses notes outside of Entry/ExitNodes
config.summary.FascistFirewall Only make outbound connections on FirewallPorts
config.summary.FirewallPorts Ports used by FascistFirewall
config.summary.HidServAuth Authentication credentials for connecting to a hidden service
config.summary.ReachableAddresses Rules for bypassing the local firewall
config.summary.ReachableDirAddresses Rules for bypassing the local firewall (directory fetches)
config.summary.ReachableORAddresses Rules for bypassing the local firewall (OR connections)
config.summary.LongLivedPorts Ports requiring highly reliable relays
config.summary.MapAddress Alias mappings for address requests
config.summary.NewCircuitPeriod Period for considering the creation of new circuits
config.summary.MaxCircuitDirtiness Duration for reusing constructed circuits
config.summary.NodeFamily Define relays as belonging to a family
config.summary.EnforceDistinctSubnets Prevent use of multiple relays from the same subnet on a circuit
config.summary.SocksPort Port for using tor as a Socks proxy
config.summary.SocksListenAddress Address from which Socks connections can be made
config.summary.SocksPolicy Access policy for the pocks port
config.summary.SocksTimeout Time until idle or unestablished socks connections are closed
config.summary.TrackHostExits Maintains use of the same exit whenever connecting to this destination
config.summary.TrackHostExitsExpire Time until use of an exit for tracking expires
config.summary.UpdateBridgesFromAuthority Toggles fetching bridge descriptors from the authorities
config.summary.UseBridges Make use of configured bridges
config.summary.UseEntryGuards Use guard relays for first hop
config.summary.NumEntryGuards Pool size of guard relays we'll select from
config.summary.SafeSocks Toggles rejecting unsafe variants of the socks protocol
config.summary.TestSocks Provide notices for if socks connections are of the safe or unsafe variants
config.summary.WarnUnsafeSocks Toggle warning of unsafe socks connection
config.summary.VirtualAddrNetwork Address range used with MAPADDRESS
config.summary.AllowNonRFC953Hostnames Toggles blocking invalid characters in hostname resolution
config.summary.AllowDotExit Toggles allowing exit notation in addresses
config.summary.FastFirstHopPK Toggle public key usage for the first hop
config.summary.TransPort Port for transparent proxying if the OS supports it
config.summary.TransListenAddress Address from which transparent proxy connections can be made
config.summary.NATDPort Port for forwarding ipfw NATD connections
config.summary.NATDListenAddress Address from which NATD forwarded connections can be made
config.summary.AutomapHostsOnResolve Map addresses ending with special suffixes to virtual addresses
config.summary.AutomapHostsSuffixes Address suffixes recognized by AutomapHostsOnResolve
config.summary.DNSPort Port from which DNS responses are fetched instead of tor
config.summary.DNSListenAddress Address for performing DNS resolution
config.summary.ClientDNSRejectInternalAddresses Ignores DNS responses for internal addresses
config.summary.ClientRejectInternalAddresses Disables use of Tor for internal connections
config.summary.DownloadExtraInfo Toggles fetching of extra information about relays
config.summary.FallbackNetworkstatusFile Path for a fallback cache of the consensus
config.summary.WarnPlaintextPorts Toggles warnings for using risky ports
config.summary.RejectPlaintextPorts Prevents connections on risky ports
config.summary.AllowSingleHopCircuits Makes use of single hop exits if able

# Server Config Options
config.summary.Address Overwrites address others will use to reach this relay
config.summary.AllowSingleHopExits Toggles permitting use of this relay as a single hop proxy
config.summary.AssumeReachable Skips reachability test at startup
config.summary.BridgeRelay Act as a bridge
config.summary.ContactInfo Contact information for this relay
config.summary.ExitPolicy Traffic destinations that can exit from this relay
config.summary.ExitPolicyRejectPrivate Prevent exiting connection on the local network
config.summary.MaxOnionsPending Decryption queue size
config.summary.MyFamily Other relays this operator administers
config.summary.Nickname Identifier for this relay
config.summary.NumCPUs Number of processes spawned for decryption
config.summary.ORPort Port used to accept relay traffic
config.summary.ORListenAddress Address for relay connections
config.summary.PortForwarding Use UPnP or NAT-PMP if needed to relay
config.summary.PortForwardingHelper Executable for configuring port forwarding
config.summary.PublishServerDescriptor Types of descriptors published
config.summary.ShutdownWaitLength Delay before quitting after receiving a SIGINT signal
config.summary.HeartbeatPeriod Rate at which an INFO level heartbeat message is sent
config.summary.AccountingMax Amount of traffic before hibernating
config.summary.AccountingStart Duration of an accounting period
config.summary.RefuseUnknownExits Prevents relays not in the consensus from using us as an exit
config.summary.ServerDNSResolvConfFile Overriding resolver config for DNS queries we provide
config.summary.ServerDNSAllowBrokenConfig Toggles if we persist despite configuration parsing errors or not
config.summary.ServerDNSSearchDomains Toggles if our DNS queries search for addresses in the local domain
config.summary.ServerDNSDetectHijacking Toggles testing for DNS hijacking
config.summary.ServerDNSTestAddresses Addresses to test to see if valid DNS queries are being hijacked
config.summary.ServerDNSAllowNonRFC953Hostnames Toggles if we reject DNS queries with invalid characters
config.summary.BridgeRecordUsageByCountry Tracks geoip information on bridge usage
config.summary.ServerDNSRandomizeCase Toggles DNS query case randomization
config.summary.GeoIPFile Path to file containing geoip information
config.summary.CellStatistics Toggles storing circuit queue duration to disk
config.summary.DirReqStatistics Toggles storing network status counts and performance to disk
config.summary.EntryStatistics Toggles storing client connection counts to disk
config.summary.ExitPortStatistics Toggles storing traffic and port usage data to disk
config.summary.ConnDirectionStatistics Toggles storing connection use to disk
config.summary.ExtraInfoStatistics Publishes statistic data in the extra-info documents

# Directory Server Options
config.summary.AuthoritativeDirectory Act as a directory authority
config.summary.DirPortFrontPage Publish this html file on the DirPort
config.summary.V1AuthoritativeDirectory Generates a version 1 consensus
config.summary.V2AuthoritativeDirectory Generates a version 2 consensus
config.summary.V3AuthoritativeDirectory Generates a version 3 consensus
config.summary.VersioningAuthoritativeDirectory Provides opinions on recommended versions of tor
config.summary.NamingAuthoritativeDirectory Provides opinions on fingerprint to nickname bindings
config.summary.HSAuthoritativeDir Toggles accepting hidden service descriptors
config.summary.HidServDirectoryV2 Toggles accepting version 2 hidden service descriptors
config.summary.BridgeAuthoritativeDir Acts as a bridge authority
config.summary.MinUptimeHidServDirectoryV2 Required uptime before accepting hidden service directory
config.summary.DirPort Port for directory connections
config.summary.DirListenAddress Address the directory service is bound to
config.summary.DirPolicy Access policy for the DirPort
config.summary.FetchV2Networkstatus Get the obsolete V2 consensus

# Directory Authority Server Options
config.summary.RecommendedVersions Tor versions believed to be safe
config.summary.RecommendedClientVersions Tor versions believed to be safe for clients
config.summary.RecommendedServerVersions Tor versions believed to be safe for relays
config.summary.ConsensusParams Params entry of the networkstatus vote
config.summary.DirAllowPrivateAddresses Toggles allowing arbitrary input or non-public IPs in descriptors
config.summary.AuthDirBadDir Relays to be flagged as bad directory caches
config.summary.AuthDirBadExit Relays to be flagged as bad exits
config.summary.AuthDirInvalid Relays from which the valid flag is withheld
config.summary.AuthDirReject Relays to be dropped from the consensus
config.summary.AuthDirListBadDirs Toggles if we provide an opinion on bad directory caches
config.summary.AuthDirListBadExits Toggles if we provide an opinion on bad exits
config.summary.AuthDirRejectUnlisted Rejects further relay descriptors
config.summary.AuthDirMaxServersPerAddr Limit on the number of relays accepted per ip
config.summary.AuthDirMaxServersPerAuthAddr Limit on the number of relays accepted per an authority's ip
config.summary.BridgePassword Password for requesting bridge information
config.summary.V3AuthVotingInterval Consensus voting interval
config.summary.V3AuthVoteDelay Wait time to collect votes of other authorities
config.summary.V3AuthDistDelay Wait time to collect the signatures of other authorities
config.summary.V3AuthNIntervalsValid Number of voting intervals a consensus is valid for
config.summary.V3BandwidthsFile Path to a file containing measured relay bandwidths
config.summary.V3AuthUseLegacyKey Signs consensus with both the current and legacy keys
config.summary.RephistTrackTime Discards old, unchanged reliability informaition

# Hidden Service Options
config.summary.HiddenServiceDir Directory contents for the hidden service
config.summary.HiddenServicePort Port the hidden service is provided on
config.summary.PublishHidServDescriptors Toggles automated publishing of the hidden service to the rendezvous directory
config.summary.HiddenServiceVersion Version for published hidden service descriptors
config.summary.HiddenServiceAuthorizeClient Restricts access to the hidden service
config.summary.RendPostPeriod Period at which the rendezvous service descriptors are refreshed

# Testing Network Options
config.summary.TestingTorNetwork Overrides other options to be a testing network
config.summary.TestingV3AuthInitialVotingInterval Overrides V3AuthVotingInterval for the first consensus
config.summary.TestingV3AuthInitialVoteDelay Overrides TestingV3AuthInitialVoteDelay for the first consensus
config.summary.TestingV3AuthInitialDistDelay Overrides TestingV3AuthInitialDistDelay for the first consensus
config.summary.TestingAuthDirTimeToLearnReachability Delay until opinions are given about which relays are running or not
config.summary.TestingEstimatedDescriptorPropagationTime Delay before clients attempt to fetch descriptors from directory caches

# Snippets from common log messages
# These are static bits of log messages, used to determine when entries with
# dynamic content (hostnames, numbers, etc) are the same. If this matches the
# start of both messages then the entries are flagged as duplicates. If the
# entry begins with an asterisk (*) then it checks if the substrings exist
# anywhere in the messages.
# 
# Examples for the complete messages:
# [BW] READ: 0, WRITTEN: 0
# [DEBUG] connection_handle_write(): After TLS write of 512: 0 read, 586 written
# [DEBUG] flush_chunk_tls(): flushed 512 bytes, 0 ready to flush, 0 remain.
# [DEBUG] conn_read_callback(): socket 7 wants to read.
# [DEBUG] conn_write_callback(): socket 51 wants to write.
# [DEBUG] connection_remove(): removing socket -1 (type OR), n_conns now 50
# [DEBUG] connection_or_process_cells_from_inbuf(): 7: starting, inbuf_datalen
#         0 (0 pending in tls object).
# [DEBUG] connection_read_to_buf(): 38: starting, inbuf_datalen 0 (0 pending in
#         tls object). at_most 12800.
# [DEBUG] connection_read_to_buf(): TLS connection closed on read. Closing.
#         (Nickname moria1, address 128.31.0.34)
# [INFO] run_connection_housekeeping(): Expiring non-open OR connection to fd
#        16 (79.193.61.171:443).
# [INFO] rep_hist_downrate_old_runs(): Discounting all old stability info by a
#        factor of 0.950000
# [NOTICE] Circuit build timeout of 96803ms is beyond the maximum build time we 
#          have ever observed. Capping it to 96107ms.
#   The above NOTICE changes to an INFO message in maint-0.2.2
# [NOTICE] Based on 1000 circuit times, it looks like we don't need to wait so 
#          long for circuits to finish. We will now assume a circuit is too slow
#          to use after waiting 65 seconds.
# [NOTICE] We stalled too much while trying to write 150 bytes to address
#          [scrubbed].  If this happens a lot, either something is wrong with
#          your network connection, or something is wrong with theirs. (fd 238,
#          type Directory, state 1, marked at main.c:702).
# [NOTICE] I learned some more directory information, but not enough to build a
#          circuit: We have only 469/2027 usable descriptors.
# [NOTICE] Attempt by %s to open a stream from unknown relay. Closing.
# [NOTICE] Bootstrapped 72%: Loading relay descriptors.
# [WARN] You specified a server "Amunet8" by name, but this name is not
#        registered
# [WARN] I have no descriptor for the router named "Amunet8" in my declared
#        family; I'll use the nickname as is, but this   may confuse clients.
# [WARN] Controller gave us config lines that didn't validate: Value
#        'BandwidthRate  ' is malformed or out of bounds.
# [WARN] Problem bootstrapping. Stuck at 80%: Connecting to the Tor network.
#        (Network is unreachable; NOROUTE; count 47;    recommendation warn)
# [WARN] 4 unknown, 1 missing key, 3 good, 0 bad, 1 no signature, 4 required
# [ARM_DEBUG] refresh rate: 0.001 seconds
# [ARM_DEBUG] proc call (process connections): /proc/net/[tcp|udp] (runtime: 0.0018)
# [ARM_DEBUG] system call: ps -p 2354 -o %cpu,rss,%mem,etime (runtime: 0.02)
# [ARM_DEBUG] system call: netstat -npt | grep 2354/tor (runtime: 0.02)
# [ARM_DEBUG] recreating panel 'graph' with the dimensions of 14/124
# [ARM_DEBUG] redrawing the log panel with the corrected content height (estimat was off by 4)
# [ARM_DEBUG] GETINFO accounting/bytes-left (runtime: 0.0006)
# [ARM_DEBUG] GETINFO traffic/read (runtime: 0.0004)
# [ARM_DEBUG] GETINFO traffic/written (runtime: 0.0002)
# [ARM_DEBUG] GETCONF MyFamily (runtime: 0.0007)
# [ARM_DEBUG] Unable to query process resource usage from ps, waiting 6.25 seconds (unrecognized output from ps: ...)

msg.BW READ:
msg.DEBUG connection_handle_write(): After TLS write of
msg.DEBUG flush_chunk_tls(): flushed
msg.DEBUG conn_read_callback(): socket
msg.DEBUG conn_write_callback(): socket
msg.DEBUG connection_remove(): removing socket
msg.DEBUG connection_or_process_cells_from_inbuf():
msg.DEBUG *pending in tls object). at_most
msg.DEBUG connection_read_to_buf(): TLS connection closed on read. Closing.
msg.INFO run_connection_housekeeping(): Expiring
msg.INFO rep_hist_downrate_old_runs(): Discounting all old stability info by a factor of
msg.INFO *build time we have ever observed. Capping it to
msg.NOTICE *build time we have ever observed. Capping it to
msg.NOTICE *We will now assume a circuit is too slow to use after waiting
msg.NOTICE We stalled too much while trying to write
msg.NOTICE I learned some more directory information, but not enough to build a circuit
msg.NOTICE Attempt by
msg.NOTICE *Loading relay descriptors.
msg.WARN You specified a server
msg.WARN I have no descriptor for the router named
msg.WARN Controller gave us config lines that didn't validate
msg.WARN Problem bootstrapping. Stuck at
msg.WARN *missing key,
msg.ARM_DEBUG refresh rate:
msg.ARM_DEBUG proc call (cwd):
msg.ARM_DEBUG proc call (memory usage):
msg.ARM_DEBUG proc call (process command
msg.ARM_DEBUG proc call (process utime
msg.ARM_DEBUG proc call (process stime
msg.ARM_DEBUG proc call (process start time
msg.ARM_DEBUG proc call (process connections):
msg.ARM_DEBUG system call: ps
msg.ARM_DEBUG system call: netstat
msg.ARM_DEBUG recreating panel '
msg.ARM_DEBUG redrawing the log panel with the corrected content height (
msg.ARM_DEBUG GETINFO accounting/bytes
msg.ARM_DEBUG GETINFO accounting/bytes-left
msg.ARM_DEBUG GETINFO accounting/interval-end
msg.ARM_DEBUG GETINFO accounting/hibernating
msg.ARM_DEBUG GETINFO traffic/read
msg.ARM_DEBUG GETINFO traffic/written
msg.ARM_DEBUG GETCONF
msg.ARM_DEBUG Unable to query process resource usage from ps

# configuration option attributes used in the relay setup wizard
wizard.message.role Welcome to the Tor network! This will step you through the configuration process for becoming a part of it. To start with, what role would you like to have?
wizard.message.relay Internal relays provide connections within the Tor network. Since you will only be connecting to Tor users and relays this is an easy, hassle free way of helping to make the network better.
wizard.message.exit Exits connect between the Tor network and the outside Internet. This is the most vitally important role you can take, but it also needs some forethought. Please read 'http://www.atagar.com/torExitTips/' before proceeding further to avoid any nasty surprises!
wizard.message.bridge Bridges are non-public relays used as stepping stones for censored users for accessing the Tor network.
wizard.message.client This will make use of the Tor network without contributing to it. For easy, pre-configured setups that will help you to use Tor safely see 'http://www.atagar.com/torUsageTips/'.

wizard.toggle Notify => Yes, No
wizard.toggle Client => Enabled, Disabled
wizard.toggle Lowports => Yes, No
wizard.toggle Portforward => Enabled, Disabled
wizard.toggle Startup => Yes, No
wizard.toggle Rshutdown => Yes, No
wizard.toggle Cshutdown => Yes, No
wizard.toggle System => Yes, No
wizard.toggle Notice => Yes, No
wizard.toggle Policy => Custom, Default
wizard.toggle Websites => Allow, Block
wizard.toggle Email => Allow, Block
wizard.toggle Im => Allow, Block
wizard.toggle Misc => Allow, Block
wizard.toggle Plaintext => Allow, Block
wizard.toggle Distribute => Automated, Manual
wizard.toggle Bridged => Yes, No

# the following options haven't been implemented yet
wizard.disabled Notify
wizard.disabled Startup

wizard.suboptions Websites
wizard.suboptions Email
wizard.suboptions Im
wizard.suboptions Misc
wizard.suboptions Plaintext
wizard.suboptions Bridge1
wizard.suboptions Bridge2
wizard.suboptions Bridge3

wizard.default Control => 9052
wizard.default Notify => true
wizard.default Bandwidth => 5 MB/s
wizard.default Startup => true
wizard.default Rshutdown => false
wizard.default Cshutdown => true
wizard.default System => true
wizard.default Client => false
wizard.default Lowports => true
wizard.default Portforward => true
wizard.default Notice => true
wizard.default Policy => false
wizard.default Websites => true
wizard.default Email => true
wizard.default Im => true
wizard.default Misc => true
wizard.default Plaintext => true
wizard.default Distribute => true
wizard.default Bridged => false
wizard.default Reuse => 10 minutes

wizard.blankValue Nickname => Unnamed
wizard.blankValue Bridge1 => <ip address>:<port>
wizard.blankValue Bridge2 => <ip address>:<port>
wizard.blankValue Bridge3 => <ip address>:<port>

wizard.label.general Cancel => Cancel
wizard.label.general Back => Previous
wizard.label.general Next => Next
wizard.label.role Resume => Use Last Configuration
wizard.label.role Relay => Internal Relay
wizard.label.role Exit => Exit Relay
wizard.label.role Bridge => Bridge
wizard.label.role Client => Client
wizard.label.opt Nickname => Nickname
wizard.label.opt Contact => Contact Information
wizard.label.opt Notify => Issue Notification
wizard.label.opt Bandwidth => Relay Speed
wizard.label.opt Limit => Monthly Limit
wizard.label.opt Client => Client Usage
wizard.label.opt Lowports => Use Popular Ports
wizard.label.opt Portforward => Port Forwarding
wizard.label.opt Startup => Run At Startup
wizard.label.opt Rshutdown => Shutdown With Arm
wizard.label.opt Cshutdown => Shutdown With Arm
wizard.label.opt System => Use System Instance
wizard.label.opt Notice => Disclaimer Notice
wizard.label.opt Policy => Exit Policy
wizard.label.opt Websites => Web Browsing
wizard.label.opt Email => Receiving Email
wizard.label.opt Im => Instant Messaging
wizard.label.opt Misc => Other Services
wizard.label.opt Plaintext => Unencrypted Traffic
wizard.label.opt Distribute => Distribution
wizard.label.opt Bridged => Use Bridges
wizard.label.opt Bridge1 => First Bridge
wizard.label.opt Bridge2 => Second Bridge
wizard.label.opt Bridge3 => Third Bridge
wizard.label.opt Reuse => Circuit Duration

wizard.description.general Cancel => Close without starting Tor.
wizard.description.role Resume => Start Tor with the last configuration you made.
wizard.description.role Relay => Provides interconnections with other Tor relays. This is a safe and easy way of making the network better.
wizard.description.role Exit => Connects between Tor network and the outside Internet. This is a vital role, but can lead to abuse complaints.
wizard.description.role Bridge => Non-public relay specifically for helping censored users.
wizard.description.role Client => Use the network without contributing to it.
wizard.description.opt Nickname => Human friendly name for your relay. If this is unique then it's used instead of your fingerprint (a forty character hex string) when pages like TorStatus refer to you.
wizard.description.opt Contact => Address we can contact you at if there's a problem with your relay. This is public information so, if it looks like an email address, we'll obscure it a bit.
wizard.description.opt Notify => Sends automated email notifications to the above address if your relay is unreachable or out of date. This service is provided by Tor Weather (https://weather.torproject.org/) and will send you a confirmation email before it's started.
wizard.description.opt Bandwidth => Limit for the average rate at which you relay traffic.
wizard.description.opt Limit => Maximum amount of traffic to relay each month. Some ISPs, like Comcast, cap their customer's Internet usage so this is an easy way of staying below that limit.
wizard.description.opt Client => Enable this if you would like to use Tor yourself. This opens or closes the SOCKS port used by applications for connecting to Tor.
wizard.description.opt Lowports => Relays using port 443 rather than 9001. This helps some users that would otherwise be blocked, but requires that tor is started with root permissions (after that it lowers itself to those of the current user).
wizard.description.opt Portforward => If needed, attempts NAT traversal using UPnP and NAT-PMP. This allows for automatic port forwarding on most home routers.
wizard.description.opt Startup => Runs Tor in the background when the system starts.
wizard.description.opt Rshutdown => When you quit arm the Tor process is stopped thirty seconds later. This delay is so people using you can gracefully switch their circuits.
wizard.description.opt Cshutdown => Stops the Tor process when you quit arm.
wizard.description.opt System => Use the system wide tor instance rather than making one of our own.
wizard.description.opt Notice => Provides a disclaimer that this is an exit on port 80 (http://www.atagar.com/exitNotice).
wizard.description.opt Policy => Ports allowed to exit from your relay. The default policy allows for common services while limiting the chance of getting a DMCA takedown for torrent traffic (http://www.atagar.com/exitPolicy).
wizard.description.opt Websites => General Internet browsing including HTTP (80), HTTPS (443), common alternatives (81, 8008), and proxies (3128, 8080)
wizard.description.opt Email => Protocols for receiving, but not sending email. This includes POP3 (110), POP3S (995), IMAP (143, 220), and IMAPS (993).
wizard.description.opt Im => Common instant messaging protocols including Jabber, IRC, ICQ, AIM, Yahoo, MSN, SILC, GroupWise, Gadu-Gadu, Sametime, and Zephyr.
wizard.description.opt Misc => Protocols from the default policy that aren't among the above.
wizard.description.opt Plaintext => When blocked the policy will exclude ports that aren't commonly encrypted.
wizard.description.opt Distribute => If automated then we'll attempt to get your bridge to censored users (email auto-responders, activist networks, etc). Otherwise it'll be up to you to distribute the bridge address to people who need it.
wizard.description.opt Bridged => If you're being blocked from Tor then bridges provide a stepping stone you can use to connect. To get bridges visit 'https://bridges.torproject.org/' and enter the IP/port into the following entries (for instance "141.201.27.48:443").
wizard.description.opt Bridge1 => Bridge used to connect to the Tor network.
wizard.description.opt Bridge2 => Fallback bridge used for connecting if the first is unavailable.
wizard.description.opt Bridge3 => Fallback bridge used for connecting if neither of the first two are available.
wizard.description.opt Reuse => Duration that circuits will be reused before replacements are made for new connections. It's good to periodically change the route you use, but making circuits takes a fair bit of work so don't set this to be too low.

# some config options are fetched via special values
torrc.map HiddenServiceDir => HiddenServiceOptions
torrc.map HiddenServicePort => HiddenServiceOptions
torrc.map HiddenServiceVersion => HiddenServiceOptions
torrc.map HiddenServiceAuthorizeClient => HiddenServiceOptions
torrc.map HiddenServiceOptions => HiddenServiceOptions

# valid torrc aliases from the _option_abbrevs struct of src/or/config.c
# These couldn't be requested via GETCONF (in 0.2.1.19), but I think this has
# been fixed. Discussion is in:
# https://trac.torproject.org/projects/tor/ticket/1802
# 
# TODO: This workaround should be dropped after a few releases.
torrc.alias l => Log
torrc.alias AllowUnverifiedNodes => AllowInvalidNodes
torrc.alias AutomapHostSuffixes => AutomapHostsSuffixes
torrc.alias AutomapHostOnResolve => AutomapHostsOnResolve
torrc.alias BandwidthRateBytes => BandwidthRate
torrc.alias BandwidthBurstBytes => BandwidthBurst
torrc.alias DirFetchPostPeriod => StatusFetchPeriod
torrc.alias MaxConn => ConnLimit
torrc.alias ORBindAddress => ORListenAddress
torrc.alias DirBindAddress => DirListenAddress
torrc.alias SocksBindAddress => SocksListenAddress
torrc.alias UseHelperNodes => UseEntryGuards
torrc.alias NumHelperNodes => NumEntryGuards
torrc.alias UseEntryNodes => UseEntryGuards
torrc.alias NumEntryNodes => NumEntryGuards
torrc.alias ResolvConf => ServerDNSResolvConfFile
torrc.alias SearchDomains => ServerDNSSearchDomains
torrc.alias ServerDNSAllowBrokenResolvConf => ServerDNSAllowBrokenConfig
torrc.alias PreferTunnelledDirConns => PreferTunneledDirConns
torrc.alias BridgeAuthoritativeDirectory => BridgeAuthoritativeDir
torrc.alias StrictEntryNodes => StrictNodes
torrc.alias StrictExitNodes => StrictNodes

# using the following entry is problematic, despite being among the
# __option_abbrevs mappings
#torrc.alias HashedControlPassword => __HashedControlSessionPassword

# size and time modifiers allowed by config.c
torrc.label.size.b b, byte, bytes
torrc.label.size.kb kb, kbyte, kbytes, kilobyte, kilobytes
torrc.label.size.mb m, mb, mbyte, mbytes, megabyte, megabytes
torrc.label.size.gb gb, gbyte, gbytes, gigabyte, gigabytes
torrc.label.size.tb tb, terabyte, terabytes
torrc.label.time.sec second, seconds
torrc.label.time.min minute, minutes
torrc.label.time.hour hour, hours
torrc.label.time.day day, days
torrc.label.time.week week, weeks

# Common usages for ports based on:
# https://secure.wikimedia.org/wikipedia/en/wiki/List_of_TCP_and_UDP_port_numbers
# http://isc.sans.edu/services.html
# 
# Including all the official low ports (< 1024), and higher ones I recognize.

port.label.1 TCPMUX
port.label.2 CompressNET
port.label.3 CompressNET
port.label.5 RJE
port.label.7 Echo
port.label.9 Discard
port.label.11 SYSTAT
port.label.13 Daytime
port.label.15 netstat
port.label.17 QOTD
port.label.18 MSP
port.label.19 CHARGEN
port.label.20 FTP
port.label.21 FTP
port.label.22 SSH
port.label.23 Telnet
port.label.24 Priv-mail
port.label.25 SMTP
port.label.34 RF
port.label.35 Printer
port.label.37 TIME
port.label.39 RLP
port.label.41 Graphics
port.label.42 WINS
port.label.43 WHOIS
port.label.47 NI FTP
port.label.49 TACACS
port.label.50 Remote Mail
port.label.51 IMP
port.label.52 XNS
port.label.53 DNS
port.label.54 XNS
port.label.55 ISI-GL
port.label.56 RAP
port.label.57 MTP
port.label.58 XNS
port.label.67 BOOTP
port.label.68 BOOTP
port.label.69 TFTP
port.label.70 Gopher
port.label.79 Finger
port.label.80 HTTP
port.label.81 HTTP Alternate
port.label.82 Torpark
port.label.83 MIT ML
port.label.88 Kerberos
port.label.90 dnsix
port.label.99 WIP
port.label.101 NIC
port.label.102 ISO-TSAP
port.label.104 ACR/NEMA
port.label.105 CCSO
port.label.107 Telnet
port.label.108 SNA
port.label.109 POP2
port.label.110 POP3
port.label.111 ONC RPC
port.label.113 ident
port.label.115 SFTP
port.label.117 UUCP
port.label.118 SQL
port.label.119 NNTP
port.label.123 NTP
port.label.135 DCE
port.label.137 NetBIOS
port.label.138 NetBIOS
port.label.139 NetBIOS
port.label.143 IMAP
port.label.152 BFTP
port.label.153 SGMP
port.label.156 SQL
port.label.158 DMSP
port.label.161 SNMP
port.label.162 SNMPTRAP
port.label.170 Print-srv
port.label.177 XDMCP
port.label.179 BGP
port.label.194 IRC
port.label.199 SMUX
port.label.201 AppleTalk
port.label.209 QMTP
port.label.210 ANSI
port.label.213 IPX
port.label.218 MPP
port.label.220 IMAP
port.label.256 2DEV
port.label.259 ESRO
port.label.264 BGMP
port.label.308 Novastor
port.label.311 OSX Admin
port.label.318 PKIX TSP
port.label.319 PTP
port.label.320 PTP
port.label.323 IMMP
port.label.350 MATIP
port.label.351 MATIP
port.label.366 ODMR
port.label.369 Rpc2portmap
port.label.370 codaauth2
port.label.371 ClearCase
port.label.383 HP Alarm Mgr
port.label.384 ARNS
port.label.387 AURP
port.label.389 LDAP
port.label.401 UPS
port.label.402 Altiris
port.label.427 SLP
port.label.443 HTTPS
port.label.444 SNPP
port.label.445 SMB
port.label.464 Kerberos (kpasswd)
port.label.465 SMTP
port.label.475 tcpnethaspsrv
port.label.497 Retrospect
port.label.500 ISAKMP
port.label.501 STMF
port.label.502 Modbus
port.label.504 Citadel
port.label.510 FirstClass
port.label.512 Rexec
port.label.513 rlogin
port.label.514 rsh
port.label.515 LPD
port.label.517 Talk
port.label.518 NTalk
port.label.520 efs
port.label.524 NCP
port.label.530 RPC
port.label.531 AIM/IRC
port.label.532 netnews
port.label.533 netwall
port.label.540 UUCP
port.label.542 commerce
port.label.543 Kerberos (klogin)
port.label.544 Kerberos (kshell)
port.label.545 OSISoft PI
port.label.546 DHCPv6
port.label.547 DHCPv6
port.label.548 AFP
port.label.550 new-who
port.label.554 RTSP
port.label.556 RFS
port.label.560 rmonitor
port.label.561 monitor
port.label.563 NNTPS
port.label.587 SMTP
port.label.591 FileMaker
port.label.593 HTTP RPC
port.label.604 TUNNEL
port.label.623 ASF-RMCP
port.label.631 CUPS
port.label.635 RLZ DBase
port.label.636 LDAPS
port.label.639 MSDP
port.label.641 SupportSoft
port.label.646 LDP
port.label.647 DHCP
port.label.648 RRP
port.label.651 IEEE-MMS
port.label.652 DTCP
port.label.653 SupportSoft
port.label.654 MMS/MMP
port.label.657 RMC
port.label.660 OSX Admin
port.label.665 sun-dr
port.label.666 Doom
port.label.674 ACAP
port.label.691 MS Exchange
port.label.692 Hyperwave-ISP
port.label.694 Linux-HA
port.label.695 IEEE-MMS-SSL
port.label.698 OLSR
port.label.699 Access Network
port.label.700 EPP
port.label.701 LMP
port.label.702 IRIS
port.label.706 SILC
port.label.711 MPLS
port.label.712 TBRPF
port.label.720 SMQP
port.label.749 Kerberos (admin)
port.label.750 rfile
port.label.751 pump
port.label.752 qrh
port.label.753 rrh
port.label.754 tell send
port.label.760 ns
port.label.782 Conserver
port.label.783 spamd
port.label.829 CMP
port.label.843 Flash
port.label.847 DHCP
port.label.860 iSCSI
port.label.873 rsync
port.label.888 CDDB
port.label.901 SWAT
port.label.902-904 VMware
port.label.911 NCA
port.label.953 DNS RNDC
port.label.981 SofaWare Firewall
port.label.989 FTPS
port.label.990 FTPS
port.label.991 NAS
port.label.992 Telnet
port.label.993 IMAPS
port.label.994 IRC
port.label.995 POP3S
port.label.999 ScimoreDB
port.label.1001 JtoMB
port.label.1002 cogbot

port.label.1080 SOCKS
port.label.1085 WebObjects
port.label.1109 KPOP
port.label.1169 Tripwire
port.label.1194 OpenVPN
port.label.1214 Kazaa
port.label.1220 QuickTime
port.label.1234 VLC
port.label.1241 Nessus
port.label.1270 SCOM
port.label.1293 IPSec
port.label.1433 MSSQL
port.label.1434 MSSQL
port.label.1500 NetGuard
port.label.1503 MSN
port.label.1512 WINS
port.label.1521 Oracle
port.label.1526 Oracle
port.label.1533 Sametime
port.label.1666 Perforce
port.label.1677 GroupWise
port.label.1723 PPTP
port.label.1725 Steam
port.label.1863 MSNP
port.label.2049 NFS
port.label.2082 Infowave
port.label.2083 radsec
port.label.2086 GNUnet
port.label.2087 ELI
port.label.2095 NBX SER
port.label.2096 NBX DIR
port.label.2102-2104 Zephyr
port.label.2401 CVS
port.label.2525 SMTP
port.label.2710 BitTorrent
port.label.3074 XBox LIVE
port.label.3101 BlackBerry
port.label.3128 SQUID
port.label.3306 MySQL
port.label.3389 WBT
port.label.3690 SVN
port.label.3723 Battle.net
port.label.3724 WoW
port.label.4321 RWHOIS
port.label.4643 Virtuozzo
port.label.4662 eMule
port.label.5003 FileMaker
port.label.5050 Yahoo IM
port.label.5060 SIP
port.label.5061 SIP
port.label.5190 AIM/ICQ
port.label.5222 Jabber
port.label.5223 Jabber
port.label.5228 Android Market
port.label.5269 Jabber
port.label.5298 Jabber
port.label.5432 PostgreSQL
port.label.5500 VNC
port.label.5556 Freeciv
port.label.5666 NRPE
port.label.5667 NSCA
port.label.5800 VNC
port.label.5900 VNC
port.label.6346 gnutella
port.label.6347 gnutella
port.label.6660-6669 IRC
port.label.6679 IRC
port.label.6697 IRC
port.label.6881-6999 BitTorrent
port.label.8000 iRDMI
port.label.8008 HTTP Alternate
port.label.8010 XMPP
port.label.8074 Gadu-Gadu
port.label.8080 HTTP Proxy
port.label.8087 SPP
port.label.8088 Radan HTTP
port.label.8118 Privoxy
port.label.8123 Polipo
port.label.8443 PCsync HTTPS
port.label.8888 NewsEDGE
port.label.9030 Tor
port.label.9050 Tor
port.label.9051 Tor
port.label.9418 Git
port.label.9999 distinct
port.label.10000 Webmin
port.label.19294 Google Voice
port.label.19638 Ensim
port.label.23399 Skype
port.label.30301 BitTorrent
port.label.33434 traceroute

# Exit policy categories and attributes used by the relay setup wizard. The
# full policy is the Reduced Exit Policy, revision 9 (edited 6/28/11):
# https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy?version=9

port.category all => The following sets which ports can exit the tor network through you. For more information and updates on the suggested policy see: https://trac.torproject.org/projects/tor/wiki/doc/ReducedExitPolicy
port.category web => ports for general internet browsing
port.category mail => ports for receiving email
port.category im => ports for instant messaging
port.category misc => ports for other services

port.exit.misc 20-23      # FTP, SSH, Telnet
port.exit.misc 43         # WHOIS
port.exit.all 53          # DNS
port.exit.misc 79         # Finger
port.exit.web 80          # HTTP
port.exit.web 81          # HTTP alternate?
port.exit.misc 88         # Kerberos
port.exit.mail 110        # POP3
port.exit.mail 143        # IMAP
port.exit.im 194          # IRC
port.exit.mail 220        # IMAP3
port.exit.web 443         # HTTPS
port.exit.misc 464        # Kerberos
port.exit.im 531          # AIM/IRC
port.exit.misc 543-544    # Kerberos
port.exit.misc 563        # NNTPS
port.exit.im 706          # SILC
port.exit.misc 749        # Kerberos
port.exit.misc 873        # rsync
port.exit.misc 902-904    # VMware
port.exit.misc 981        # SofaWare Firewall Administration
port.exit.misc 989-990    # FTPS
port.exit.misc 991        # NAS
port.exit.misc 992        # Telnet
port.exit.mail 993        # IMAPS
port.exit.im 994          # IRC over SSL
port.exit.mail 995        # POP3S
port.exit.misc 1194       # OpenVPN
port.exit.misc 1220       # QuickTime
port.exit.misc 1293       # PKT-KRB-IPSec
port.exit.misc 1500       # NetGuard GuardianPro Firewall Administration / VLSI License Manager
port.exit.im 1533         # Sametime
port.exit.im 1677         # GroupWise
port.exit.misc 1723       # Microsoft Point-to-Point Tunneling Protocol
port.exit.misc 1863       # MSNP
port.exit.misc 2082       # Infowave Mobility Server
port.exit.misc 2083       # Secure Radius Service
port.exit.misc 2086       # GNUnet
port.exit.misc 2087       # Event Logging Integration
port.exit.misc 2095-2096  # NBX SER / DIR
port.exit.im 2102-2104    # Zephyr
port.exit.web 3128        # Squid Proxy
port.exit.misc 3389       # Windows Based Terminal
port.exit.misc 3690       # SVN
port.exit.misc 4321       # RWHOIS
port.exit.misc 4643       # Virtuozzo Power Panel
port.exit.im 5050         # Yahoo IM
port.exit.im 5190         # AIM/ICQ
port.exit.im 5222         # Jabber
port.exit.im 5223         # Jabber over SSL
port.exit.misc 5228       # Android Market
port.exit.misc 5900       # VNC
port.exit.im 6660-6669    # IRC
port.exit.im 6679         # IRC over SSL
port.exit.im 6697         # IRC over SSL
port.exit.misc 8000       # Intel Remote Desktop Management Interface
port.exit.web 8008        # HTTP alternate
port.exit.im 8074         # Gadu-Gadu
port.exit.web 8080        # HTTP Proxies
port.exit.misc 8087       # Simplify Media SPP Protocol
port.exit.misc 8088       # Radan HTTP
port.exit.misc 8443       # PCsync HTTPS
port.exit.misc 8888       # NewsEDGE
port.exit.misc 9418       # Git
port.exit.misc 9999       # distinct
port.exit.misc 10000      # Web-based Linux admin tool
port.exit.misc 19294      # Google Voice
port.exit.misc 19638      # Ensim Control Panel

# Commonly encrypted ports (used to allow for policies that only include
# encrypted traffic)

port.encrypted 22
port.encrypted 53         # dns - not really encrypted but want it anyway
port.encrypted 88
port.encrypted 443
port.encrypted 464
port.encrypted 543
port.encrypted 544
port.encrypted 563
port.encrypted 749
port.encrypted 981
port.encrypted 989
port.encrypted 990
port.encrypted 993
port.encrypted 995
port.encrypted 1194
port.encrypted 1293
port.encrypted 1723
port.encrypted 2083
port.encrypted 5223
port.encrypted 6679
port.encrypted 6697
port.encrypted 8443
tor-arm 1.4.5.0-1 / usr / share / arm / settings.cfg
