Update sample torrc file for 0.2.3.x

Fix broken URLs.

Tell readers about the OutboundBindAddress, ExitPolicyRejectPrivate,
and PublishServerDescriptor options.

changes/bug4652

@@ -0,0 +1,5 @@
+  o Minor features:
+    - Fix broken URLs in the sample torrc file, and tell readers about
+      the OutboundBindAddress, ExitPolicyRejectPrivate, and
+      PublishServerDescriptor options. Addresses bug 4652.
+

src/config/torrc.sample.in

@@ -1,16 +1,16 @@
 ## Configuration file for a typical Tor user
-## Last updated 16 July 2009 for Tor 0.2.2.1-alpha.
-## (May or may not work for much older or much newer versions of Tor.)
+## Last updated 8 February 2012 for Tor 0.2.3.12-alpha.
+## (may or may not work for much older or much newer versions of Tor.)
 ##
 ## Lines that begin with "## " try to explain what's going on. Lines
 ## that begin with just "#" are disabled commands: you can enable them
 ## by removing the "#" symbol.
 ##
-## See 'man tor', or https://www.torproject.org/tor-manual.html,
+## See 'man tor', or https://www.torproject.org/docs/tor-manual.html,
 ## for more options you can use in this file.
 ##
 ## Tor will look for this file in various places based on your platform:
-## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#torrc
+## https://www.torproject.org/docs/faq#torrc
 
 
 ## Replace this with "SocksPort 0" if you plan to run Tor only as a
@@ -21,7 +21,9 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 
 ## Entry policies to allow/deny SOCKS requests based on IP address.
 ## First entry that matches wins. If no SocksPolicy is set, we accept
-## all (and only) requests from SocksListenAddress.
+## all (and only) requests from SocksListenAddress. Untrusted users who
+## can access your SocksPort may be able to learn about the connections
+## you make.
 #SocksPolicy accept 192.168.0.0/16
 #SocksPolicy reject *
 
@@ -86,13 +88,17 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## yourself to make this work.
 #ORListenAddress 0.0.0.0:9090
 
+## The IP address or full DNS name for incoming connections to your
+## relay. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## If you have multiple network interfaces, you can specify one for
+## outgoing traffic to use.
+# OutboundBindAddress 10.0.0.5
+
 ## A handle for your relay, so people don't have to refer to it by key.
 #Nickname ididnteditheconfig
 
-## The IP address or full DNS name for your relay. Leave commented out
-## and Tor will guess.
-#Address noname.example.com
-
 ## Define these to limit how much relayed traffic you will allow. Your
 ## own traffic is still unthrottled. Note that RelayBandwidthRate must
 ## be at least 20 KB.
@@ -100,9 +106,9 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 #RelayBandwidthBurst 200 KB # But allow bursts up to 200KB/s (1600Kbps)
 
 ## Use these to restrict the maximum traffic per day, week, or month.
-## Note that this threshold applies to sent _and_ to received bytes,
-## not to their sum: Setting "4 GB" may allow up to 8 GB
-## total before hibernating.
+## Note that this threshold applies separately to sent and received bytes,
+## not to their sum: setting "4 GB" may allow up to 8 GB total before
+## hibernating.
 ##
 ## Set a maximum of 4 gigabytes each way per period.
 #AccountingMax 4 GB
@@ -117,7 +123,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## indexes this, so spammers might also collect it.
 #ContactInfo Random Person <nobody AT example dot com>
 ## You might also include your PGP or GPG fingerprint if you have one:
-#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
+#ContactInfo 0xFFFFFFFF Random Person <nobody AT example dot com>
 
 ## Uncomment this to mirror directory information for others. Please do
 ## if you have enough bandwidth.
@@ -137,7 +143,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## key fingerprint of each Tor relay you control, even if they're on
 ## different networks. You declare it here so Tor clients can avoid
 ## using more than one of your relays in a single circuit. See
-## https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
+## https://www.torproject.org/docs/faq#MultipleRelays
 #MyFamily $keyid,$keyid,...
 
 ## A comma-separated list of exit policies. They're considered first
@@ -155,16 +161,24 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## you should update your exit policy to reflect this -- otherwise Tor
 ## users will be told that those destinations are down.
 ##
+## For security, by default Tor rejects connections to private (local)
+## networks, including to your public IP address. See the man page entry
+## for ExitPolicyRejectPrivate if you want to allow "exit enclaving".
+##
 #ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
 #ExitPolicy accept *:119 # accept nntp as well as default exit policy
 #ExitPolicy reject *:* # no exits allowed
-#
+
 ## Bridge relays (or "bridges") are Tor relays that aren't listed in the
-## main directory. Since there is no complete public list of them, even if an
-## ISP is filtering connections to all the known Tor relays, they probably
+## main directory. Since there is no complete public list of them, even an
+## ISP that filters connections to all the known Tor relays probably
 ## won't be able to block all the bridges. Also, websites won't treat you
 ## differently because they won't know you're running Tor. If you can
 ## be a real relay, please do; but if not, be a bridge!
 #BridgeRelay 1
-#ExitPolicy reject *:*
+## By default, Tor will advertise your bridge to users through various
+## mechanisms like https://bridges.torproject.org/. If you want to run
+## a private bridge, for example because you'll give out your bridge
+## address manually to your friends, uncomment this line:
+#PublishServerDescriptor 0