firewall version 0.4.0 unstable

a guest
Apr 28th, 2021
188
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.08 KB | None | 0 0
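#!/bin/bash

# The Unlicense
# This is free and unencumbered software released into the public domain.

# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.

# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
# of the public at large and to the detriment of our heirs and
# successors. We intend this dedication to be an overt act of
# relinquishment in perpetuity of all present and future rights to this
# software under copyright law.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.

# For more information, please refer to <http://unlicense.org/>

# Transparent Tor egress firewall.
#
# Every outbound TCP SYN is DNAT'ed to Tor's TransPort and every UDP/53
# query to Tor's DNSPort; the Tor daemon's own account (argument 1) is the
# only one allowed to open direct connections. Inbound, forwarded and all
# IPv6 traffic is dropped, and TCP wrappers are set to deny everything.
#
# Usage:  sudo ./firewall.sh <tor-user>     (e.g. debian-tor on Debian, else tor)
#
# Side effects: replaces the iptables filter/nat rules and the ip6tables
# filter rules, rewrites /etc/tor/torrc, /etc/hosts.allow and
# /etc/hosts.deny, and restarts tor. At the final prompt, six Enter
# keypresses reopen IPv4 OUTPUT (INPUT/FORWARD and IPv6 stay DROP).

set -u   # an unset $1 must never silently become an empty --uid-owner

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Special-use ranges (loopback, RFC 1918, link-local, CGNAT, documentation,
# benchmarking, multicast, reserved, broadcast) that are never sent through
# Tor and are dropped outright when they are not loopback.
readonly SPECIAL_ADDRS='255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'

# Tor listeners; the torrc written below and the nat rules must agree.
readonly TOR_HOST='127.0.0.1'
readonly TOR_DNS_PORT='9053'
readonly TOR_TRANS_PORT='9040'
readonly TOR_VIRT_NET='10.192.0.0/10'   # VirtualAddrNetwork for .onion automap

(( EUID == 0 )) || die "must run as root"
(( $# >= 1 )) || die "usage: ${0##*/} <tor-user>"
tor_user=$1
# --uid-owner accepts a user name or a numeric UID. Reject anything else up
# front: a failing --uid-owner rule would otherwise be skipped, and Tor
# itself would then be unable to reach the network.
if [[ ! "$tor_user" =~ ^[0-9]+$ ]] && ! id -u -- "$tor_user" >/dev/null 2>&1; then
  die "no such user: $tor_user"
fi

# Lock everything down before the chains are rebuilt so nothing leaks
# while the rules below are only partially installed.
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP

# A DROP policy applies only to packets no rule accepts, so leftover rules
# from an earlier configuration must go too - including the IPv6 filter
# table, where a stale ACCEPT would bypass the policy entirely.
iptables -F
iptables -t nat -F
ip6tables -F

# TCP wrappers: deny all, and pin both files immutable.
chattr -i /etc/hosts.allow; : > /etc/hosts.allow; chattr +i /etc/hosts.allow
chattr -i /etc/hosts.deny; printf 'ALL:ALL\n' > /etc/hosts.deny; chattr +i /etc/hosts.deny

# INPUT: only replies to connections this host opened, plus loopback.
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP

iptables -A FORWARD -j DROP

# OUTPUT: replies, the two local Tor listeners, new direct connections by
# the Tor account only, loopback; then drop anything still addressed to a
# special-use range (those are exempted from DNAT below, so without this
# rule they would leave in the clear), and finally everything else.
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p udp -d "$TOR_HOST" --dport "$TOR_DNS_PORT" -j ACCEPT
iptables -A OUTPUT -p tcp --syn -d "$TOR_HOST" --dport "$TOR_TRANS_PORT" -j ACCEPT
iptables -A OUTPUT -p tcp --syn -m owner --uid-owner "$tor_user" -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
# shellcheck disable=SC2086  # word-splitting the space-separated list is intended
for special_addr in $SPECIAL_ADDRS; do
  iptables -A OUTPUT -d "$special_addr" -j DROP
done
iptables -A OUTPUT -j DROP

# nat OUTPUT runs before the filter rules above for locally generated
# packets: DNS goes to the DNSPort, SYNs to the TransPort. The automap
# range is rewritten first because its enclosing 10.0.0.0/8 is exempted a
# few rules later; the Tor account and loopback are never rewritten.
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination="$TOR_HOST:$TOR_DNS_PORT"
iptables -t nat -A OUTPUT -p tcp --syn -d "$TOR_VIRT_NET" -j DNAT --to-destination="$TOR_HOST:$TOR_TRANS_PORT"
iptables -t nat -A OUTPUT -p tcp --syn -m owner --uid-owner "$tor_user" -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
# shellcheck disable=SC2086
for special_addr in $SPECIAL_ADDRS; do
  iptables -t nat -A OUTPUT -d "$special_addr" -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j DNAT --to-destination="$TOR_HOST:$TOR_TRANS_PORT"

# IPv6: explicit DROP rules on top of the DROP policy.
ip6tables -A INPUT -j DROP; ip6tables -A FORWARD -j DROP; ip6tables -A OUTPUT -j DROP

printf '\n\n'; iptables -nvL
printf '\n\n'; iptables -t nat -nvL

# Replaces the whole torrc; anything previously configured there is lost.
cat > /etc/tor/torrc <<EOF
DNSPort $TOR_HOST:$TOR_DNS_PORT
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort $TOR_HOST:$TOR_TRANS_PORT
VirtualAddrNetwork $TOR_VIRT_NET
EOF

systemctl restart tor

# Operator checklist. Quoted delimiter: "[debian-]tor" is printed literally
# instead of being expanded as a glob against the current directory.
cat <<'EOF'

What Is My IP Address
https://browserleaks.com/ip
https://browserleaks.com/webrtc

apt install tor sudo neovim
nvim ./firewall.sh
:set ff=unix
:wq!

chmod 0755 ./firewall.sh
sudo ./firewall.sh [debian-]tor

firefox
about:config
media.navigator.enabled false
media.peerconnection.enabled false
EOF

# Tear-down guard: six consecutive Enters (not one stray keypress) reopen
# IPv4 OUTPUT. INPUT, FORWARD and IPv6 remain DROP; torrc is left in place.
printf '\nstop enter\n'
for _ in 1 2 3 4 5 6; do
  read -r _
done
iptables -F OUTPUT
iptables -t nat -F
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT ACCEPT
ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP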