API tools faq
paste
Advertisement
Guest User

anonymous version 1.5

a guest
Oct 18th, 2019
145
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Bash 4.07 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. # anonymous version 1.5
  3. # version 1.0: release
  4. # version 1.1: -p tcp --syn
  5. # version 1.2: sleep 3 * 3
  6. # version 1.3: export delete
  7. # version 1.4: ESTABLISHED top
  8. # version 1.5: disable-ipv6.conf
  9.  
  10. PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
  11. TABLES="nat mangle raw security"; CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
  12. IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"
  13.  
  14. [ $EUID != 0 ] && echo "please run as root" && exit 1
  15.  
  16. stop() {
  17.     [ -f ./torrc ] && cp ./torrc /etc/tor/torrc && sleep 3 && rm ./torrc
  18.     [ -f ./iptables-rules ] && iptables-restore < ./iptables-rules && sleep 3 && rm ./iptables-rules
  19.     [ -f ./ip6tables-rules ] && ip6tables-restore < ./ip6tables-rules && sleep 3 && rm ./ip6tables-rules
  20.     [ -f /etc/sysctl.d/disable-ipv6.conf ] && rm /etc/sysctl.d/disable-ipv6.conf && sysctl --system; /etc/init.d/tor stop
  21. }
  22.  
  23. start() {
  24.     uid_owner_tor=${1:-tor}; id $uid_owner_tor || return 2
  25.  
  26.     [ ! -f ./torrc ] && cp /etc/tor/torrc ./torrc
  27.     [ ! -f ./iptables-rules ] && iptables-save > ./iptables-rules
  28.     [ ! -f ./ip6tables-rules ] && ip6tables-save > ./ip6tables-rules
  29.  
  30.     iptables -F; iptables -X; iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
  31.     ip6tables -F; ip6tables -X; ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
  32.     {
  33.         for table in $TABLES; do
  34.             iptables -t $table -F; iptables -t $table -X
  35.             ip6tables -t $table -F; ip6tables -t $table -X
  36.             for chain in $CHAINS; do
  37.                 iptables -t $table -P $chain ACCEPT
  38.                 ip6tables -t $table -P $chain ACCEPT
  39.             done
  40.         done
  41.     } 2> /dev/null
  42.  
  43.     iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
  44.     iptables -A INPUT -i lo -j ACCEPT
  45.     iptables -A INPUT -j DROP
  46.  
  47.     iptables -A FORWARD -j DROP
  48.  
  49.     iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
  50.  
  51.     iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
  52.     iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT
  53.  
  54.     iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
  55.     iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
  56.     iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT
  57.  
  58.     iptables -A OUTPUT -p tcp --syn -m owner --uid-owner $uid_owner_tor -j ACCEPT
  59.     iptables -A OUTPUT -o lo -j ACCEPT
  60.  
  61.     for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
  62.         iptables -A OUTPUT -d $iptables_special_addr -j DROP
  63.     done
  64.  
  65.     iptables -A OUTPUT -j DROP
  66.  
  67.     ip6tables -A INPUT -j DROP
  68.  
  69.     ip6tables -A FORWARD -j DROP
  70.  
  71.     ip6tables -A OUTPUT -j DROP
  72.  
  73.     iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
  74.     iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
  75.     iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
  76.     iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
  77.  
  78.     iptables -t nat -A OUTPUT -m owner --uid-owner $uid_owner_tor -j RETURN
  79.     iptables -t nat -A OUTPUT -o lo -j RETURN
  80.  
  81.     for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
  82.         iptables -t nat -A OUTPUT -d $iptables_special_addr -j RETURN
  83.     done
  84.  
  85.     iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
  86.     iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
  87.     iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040
  88.  
  89.     {
  90.         echo "DNSPort 127.0.0.1:9053"
  91.         echo "AutomapHostsOnResolve 1"
  92.         echo "AutomapHostsSuffixes .onion"
  93.         echo
  94.         echo "TransPort 127.0.0.1:9040"
  95.         echo "VirtualAddrNetwork 10.192.0.0/10"
  96.         echo
  97.         echo "User $uid_owner_tor"
  98.         echo "PIDFile /var/run/tor/tor.pid"
  99.         echo "DataDirectory /var/lib/tor/data/"
  100.     } > /etc/tor/torrc
  101.     {
  102.         echo "net.ipv6.conf.all.disable_ipv6=1"
  103.         echo "net.ipv6.conf.default.disable_ipv6=1"
  104.     } > /etc/sysctl.d/disable-ipv6.conf; sysctl --system
  105.     /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
  106. }
  107.  
  108. case $1 in
  109.     stop)
  110.         stop
  111.     ;;
  112.     start)
  113.         start $2
  114.     ;;
  115.     *)
  116.         echo "$0 stop"
  117.         echo "$0 start [debian-]tor"
  118.     ;;
  119. esac
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!