summaryrefslogtreecommitdiffstats
path: root/config/chroot_local-includes/etc
diff options
context:
space:
mode:
Diffstat (limited to 'config/chroot_local-includes/etc')
-rw-r--r--config/chroot_local-includes/etc/amnesia/version1
-rw-r--r--config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease1
-rw-r--r--config/chroot_local-includes/etc/apt/preferences19
-rw-r--r--config/chroot_local-includes/etc/default/pdnsd6
-rw-r--r--config/chroot_local-includes/etc/dhcp3/dhclient.conf55
-rw-r--r--config/chroot_local-includes/etc/environment4
-rw-r--r--config/chroot_local-includes/etc/firewall.conf43
-rwxr-xr-xconfig/chroot_local-includes/etc/network/if-up.d/000firewall12
-rwxr-xr-xconfig/chroot_local-includes/etc/network/if-up.d/600tor4
-rw-r--r--config/chroot_local-includes/etc/pdnsd.conf52
-rw-r--r--config/chroot_local-includes/etc/polipo/config164
-rw-r--r--config/chroot_local-includes/etc/tor/tor-tsocks.conf19
-rw-r--r--config/chroot_local-includes/etc/tor/torrc172
13 files changed, 552 insertions, 0 deletions
diff --git a/config/chroot_local-includes/etc/amnesia/version b/config/chroot_local-includes/etc/amnesia/version
new file mode 100644
index 0000000..5798f6f
--- /dev/null
+++ b/config/chroot_local-includes/etc/amnesia/version
@@ -0,0 +1 @@
+20090620
diff --git a/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
new file mode 100644
index 0000000..4143a94
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/config/chroot_local-includes/etc/apt/preferences b/config/chroot_local-includes/etc/apt/preferences
new file mode 100644
index 0000000..574fb56
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/preferences
@@ -0,0 +1,19 @@
+Package: firmware-linux
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: kvkbd
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+Package: *
+Pin: release a=lenny-backports
+Pin-Priority: 200
+
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/config/chroot_local-includes/etc/default/pdnsd b/config/chroot_local-includes/etc/default/pdnsd
new file mode 100644
index 0000000..6350dda
--- /dev/null
+++ b/config/chroot_local-includes/etc/default/pdnsd
@@ -0,0 +1,6 @@
+# do we start pdnsd ?
+START_DAEMON=yes
+# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
+AUTO_MODE=
+# optional CLI options to pass to pdnsd(8)
+START_OPTIONS=
diff --git a/config/chroot_local-includes/etc/dhcp3/dhclient.conf b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
new file mode 100644
index 0000000..dc80d93
--- /dev/null
+++ b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
@@ -0,0 +1,55 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+# dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name "titanic";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes;
+supersede domain-name-servers 127.0.0.1;
+supersede domain-name "localdomain";
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
new file mode 100644
index 0000000..2460f1e
--- /dev/null
+++ b/config/chroot_local-includes/etc/environment
@@ -0,0 +1,4 @@
+http_proxy=http://localhost:8118
+HTTP_PROXY=http://localhost:8118
+SOCKS_SERVER=localhost:9050
+SOCKS5_SERVER=localhost:9050
diff --git a/config/chroot_local-includes/etc/firewall.conf b/config/chroot_local-includes/etc/firewall.conf
new file mode 100644
index 0000000..f8c9e11
--- /dev/null
+++ b/config/chroot_local-includes/etc/firewall.conf
@@ -0,0 +1,43 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Established connections are accepted.
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Local network connections should not fo through Tor.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
+
+# Tor is allowed to do anything it wants to, everything else is dropped.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
+[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Local network connections should not fo through Tor. Note that we
+# exclude the VirtualAddrNetwork used for .onion:s here.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
+
+# Tor is allowed to do anything it wants to.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
+
+# .onion mapped addresses redirection to Tor.
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+
+# Redirect all remaining TCP traffic to Tor.
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
+
+COMMIT
diff --git a/config/chroot_local-includes/etc/network/if-up.d/000firewall b/config/chroot_local-includes/etc/network/if-up.d/000firewall
new file mode 100755
index 0000000..f57681e
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/000firewall
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Exit if lo interface
+[ "$METHOD" = "loopback" ] && exit 0
+
+IPTABLES_RULES=/etc/firewall.conf
+
+[ -x /sbin/iptables-restore ] || exit 2
+[ -n "$IPTABLES_RULES" ] || exit 3
+[ -r "$IPTABLES_RULES" ] || exit 4
+
+/sbin/iptables-restore < "$IPTABLES_RULES"
diff --git a/config/chroot_local-includes/etc/network/if-up.d/600tor b/config/chroot_local-includes/etc/network/if-up.d/600tor
new file mode 100755
index 0000000..6f1341f
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/600tor
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+/etc/init.d/tor restart
+
diff --git a/config/chroot_local-includes/etc/pdnsd.conf b/config/chroot_local-includes/etc/pdnsd.conf
new file mode 100644
index 0000000..19197dd
--- /dev/null
+++ b/config/chroot_local-includes/etc/pdnsd.conf
@@ -0,0 +1,52 @@
+// Read the pdnsd.conf(5) manpage for an explanation of the options.
+
+/* Note: this file is overriden by automatic config files when
+ /etc/default/pdnsd AUTO_MODE is set and that
+ /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
+ */
+
+global {
+ perm_cache=2048;
+ cache_dir="/var/cache/pdnsd";
+ run_as="pdnsd";
+ server_ip = 127.0.0.1; // Use eth0 here if you want to allow other
+ // machines on your network to query pdnsd.
+ status_ctl = on;
+// paranoid=on;
+// query_method=tcp_udp; // pdnsd must be compiled with tcp
+ // query support for this to work.
+ min_ttl=15m; // Retain cached entries at least 15 minutes.
+ max_ttl=1w; // One week.
+ timeout=120; // Global timeout option (10 seconds).
+
+ // Don't enable if you don't recurse yourself, can lead to problems
+ // delegation_only="com","net";
+}
+
+# Tor DNS resolver
+server {
+ label = "tor";
+ ip = 127.0.0.1;
+ port = 8853;
+ uptest = none;
+ exclude=".invalid";
+ policy=included;
+ proxy_only = on;
+ lean_query = on;
+}
+
+source {
+ owner=localhost;
+// serve_aliases=on;
+ file="/etc/hosts";
+}
+
+rr {
+ name=localhost;
+ reverse=on;
+ a=127.0.0.1;
+ owner=localhost;
+ soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
+
+/* vim:set ft=c: */
diff --git a/config/chroot_local-includes/etc/polipo/config b/config/chroot_local-includes/etc/polipo/config
new file mode 100644
index 0000000..883f775
--- /dev/null
+++ b/config/chroot_local-includes/etc/polipo/config
@@ -0,0 +1,164 @@
+# Sample configuration file for Polipo. -*-sh-*-
+
+# You should not need to edit this configuration file; all configuration
+# variables have reasonable defaults.
+
+# This file only contains some of the configuration variables; see the
+# list given by ``polipo -v'' and the manual for more.
+
+
+### Basic configuration
+### *******************
+
+# Uncomment one of these if you want to allow remote clients to
+# connect:
+
+# proxyAddress = "::0" # both IPv4 and IPv6
+# proxyAddress = "0.0.0.0" # IPv4 only
+proxyAddress = "127.0.0.1" # IPv4 only
+proxyPort = 8118
+
+# If you are enabling 'proxyAddress' above, then you want to enable the
+# 'allowedClients' variable to the address of your network, e.g.
+# allowedClients = 127.0.0.1, 192.168.42.0/24
+
+# allowedClients = 127.0.0.1
+
+# Uncomment this if you want your Polipo to identify itself by
+# something else than the host name:
+
+proxyName = "localhost"
+
+# Uncomment this if there's only one user using this instance of Polipo:
+
+cacheIsShared = false
+
+# Uncomment this if you want to use a parent proxy:
+
+# parentProxy = "squid.example.org:3128"
+
+# Uncomment this if you want to use a parent SOCKS proxy:
+
+socksParentProxy = "localhost:9050"
+socksProxyType = socks5
+
+
+### Memory
+### ******
+
+# Uncomment this if you want Polipo to use a ridiculously small amount
+# of memory (a hundred C-64 worth or so):
+
+# chunkHighMark = 819200
+# objectHighMark = 128
+
+# Uncomment this if you've got plenty of memory:
+
+# chunkHighMark = 50331648
+# objectHighMark = 16384
+
+
+### On-disk data
+### ************
+
+# Uncomment this if you want to disable the on-disk cache:
+
+diskCacheRoot = ""
+
+# Uncomment this if you want to put the on-disk cache in a
+# non-standard location:
+
+# diskCacheRoot = "~/.polipo-cache/"
+
+# Uncomment this if you want to disable the local web server:
+
+# localDocumentRoot = ""
+
+# Uncomment this if you want to enable the pages under /polipo/index?
+# and /polipo/servers?. This is a serious privacy leak if your proxy
+# is shared.
+
+# disableIndexing = false
+# disableServersList = false
+
+disableLocalInterface = true
+
+### Domain Name System
+### ******************
+
+# Uncomment this if you want to contact IPv4 hosts only (and make DNS
+# queries somewhat faster):
+
+# dnsQueryIPv6 = no
+
+# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
+# double-stack hosts:
+
+# dnsQueryIPv6 = reluctantly
+
+# Uncomment this to disable Polipo's DNS resolver and use the system's
+# default resolver instead. If you do that, Polipo will freeze during
+# every DNS query:
+
+# dnsUseGethostbyname = yes
+
+
+### HTTP
+### ****
+
+# Uncomment this if you want to enable detection of proxy loops.
+# This will cause your hostname (or whatever you put into proxyName
+# above) to be included in every request:
+
+disableVia = true
+
+# Uncomment this if you want to slightly reduce the amount of
+# information that you leak about yourself:
+
+censoredHeaders = from, accept-language, x-pad
+censorReferer = maybe
+
+# Uncomment this if you're paranoid. This will break a lot of sites,
+# though:
+
+# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
+# censorReferer = true
+
+# Uncomment this if you want to use Poor Man's Multiplexing; increase
+# the sizes if you're on a fast line. They should each amount to a few
+# seconds' worth of transfer; if pmmSize is small, you'll want
+# pmmFirstSize to be larger.
+
+# Note that PMM is somewhat unreliable.
+
+# pmmFirstSize = 16384
+# pmmSize = 8192
+
+# Uncomment this if your user-agent does something reasonable with
+# Warning headers (most don't):
+
+# relaxTransparency = maybe
+
+# Uncomment this if you never want to revalidate instances for which
+# data is available (this is not a good idea):
+
+# relaxTransparency = yes
+
+# Uncomment this if you have no network:
+
+# proxyOffline = yes
+
+# Uncomment this if you want to avoid revalidating instances with a
+# Vary header (this is not a good idea):
+
+# mindlesslyCacheVary = true
+
+### Tor-specific configuration
+### **************************
+
+serverSlots = 2
+serverMaxSlots = 8
+allowedPorts = 1-65535
+tunnelAllowedPorts = 1-65535
+maxConnectionAge = 5m
+maxConnectionRequests = 120
diff --git a/config/chroot_local-includes/etc/tor/tor-tsocks.conf b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
new file mode 100644
index 0000000..dd58d8b
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
@@ -0,0 +1,19 @@
+# This is the configuration for libtsocks (transparent socks) for use
+# with tor, which is providing a socks server on port 9050 by default.
+#
+# See tsocks.conf(5) and torify(1) manpages.
+
+server = 127.0.0.1
+server_port = 9050
+
+# We specify local as 127.0.0.0 - 127.191.255.255 because the
+# Tor MAPADDRESS virtual IP range is the rest of net 127.
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+
+
+# My local networks
+local = 10.0.0.0/255.0.0.0
+local = 172.16.0.0/255.255.0.0
+local = 192.168.0.0/255.255.0.0
+
diff --git a/config/chroot_local-includes/etc/tor/torrc b/config/chroot_local-includes/etc/tor/torrc
new file mode 100644
index 0000000..9da08e2
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/torrc
@@ -0,0 +1,172 @@
+## Configuration file for a typical Tor user
+## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
+## (May or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See the man page, or https://www.torproject.org/tor-manual-dev.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
+
+
+## Replace this with "SocksPort 0" if you plan to run Tor only as a
+## server, and not make any local application connections yourself.
+SocksPort 9050 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SocksPolicy is set, we accept
+## all (and only) requests from SocksListenAddress.
+#SocksPolicy accept 192.168.0.0/16
+#SocksPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
+#Log notice file /var/log/tor/notices.log
+## Send every possible message to /var/log/tor/debug.log
+#Log debug file /var/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+#RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+#DataDirectory /var/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+ControlPort 9051
+ControlListenAddress 127.0.0.1
+
+## Tor unconditionnally chmod's DataDirectory (/var/lib/tor) at startup,
+## and the debian-tor group can thus not access it, so we have it put
+## the auth cookie elsewhere.
+CookieAuthentication 1
+CookieAuthFile /tmp/control_auth_cookie
+CookieAuthFileGroupReadable 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir /var/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir /var/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## A unique handle for your server.
+#Nickname ididnteditheconfig
+
+## The IP or FQDN for your server. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## Define these to limit the bandwidth usage of relayed (server)
+## traffic. Your own traffic is still unthrottled.
+## Note that RelayBandwidthRate must be at least 20 KB.
+#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)
+
+## Contact info to be published in the directory, so we can contact you
+## if your server is misconfigured or something else goes wrong.
+#ContactInfo Random Person <nobody AT example dot com>
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
+
+## Required: what port to advertise for Tor connections.
+#ORPort 9001
+## If you need to listen on a port other than the one advertised
+## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
+## line below too. You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORListenAddress 0.0.0.0:9090
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you need to listen on a port other than the one advertised
+## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
+## below too. You'll need to do ipchains or other port forwarding yourself
+## to make this work.
+#DirListenAddress 0.0.0.0:9091
+
+## Uncomment this if you run more than one Tor server, and add the
+## nickname of each Tor server you control, even if they're on different
+## networks. You declare it here so Tor clients can avoid using more than
+## one of your servers in a single circuit. See
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
+#MyFamily nickname1,nickname2,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins. If you want to _replace_
+## the default exit policy, end this with either a reject *:* or an
+## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
+## default exit policy. Leave commented to just use the default, which is
+## available in the man page or at https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
+#ExitPolicy accept *:119 # accept nntp as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+#
+################ This section is just for bridge relays ##############
+#
+## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even if an
+## ISP is filtering connections to all the known Tor relays, they probably
+## won't be able to block all the bridges. Unlike running an exit relay,
+## running a bridge relay just passes data to and from the Tor network --
+## so it shouldn't expose the operator to abuse complaints.
+
+#ORPort 443
+#BridgeRelay 1
+#RelayBandwidthRate 50KBytes
+#ExitPolicy reject *:*
+
+
+################ Local settings ########################################
+
+## Torified DNS
+DNSPort 8853
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .exit,.onion
+
+## Transparent proxy
+TransPort 9040
+TransListenAddress 127.0.0.1
+
+## Misc
+AvoidDiskWrites 1