Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/sh
- apt install tor mpv k3b htop xfburn neovim gparted fcitx-mozc fonts-ipafont
- {
- echo high-priority = yes
- echo nice-level = -10
- echo
- echo realtime-scheduling = yes
- echo realtime-priority = 6
- echo
- echo default-sample-format = float32le
- echo default-sample-rate = 192000
- echo alternate-sample-rate = 192000
- } > /etc/pulse/daemon.conf
- chmod 0644 /etc/pulse/daemon.conf
- chown root:root /etc/pulse/daemon.conf
- chattr -i /etc/hosts.allow
- {
- echo
- } > /etc/hosts.allow
- chattr +i /etc/hosts.allow
- chattr -i /etc/hosts.deny
- {
- echo ALL:ALL
- } > /etc/hosts.deny
- chattr +i /etc/hosts.deny
- chattr -i /etc/resolv.conf
- {
- echo nameserver 1.1.1.1
- } > /etc/resolv.conf
- chattr +i /etc/resolv.conf
- {
- echo \#!/bin/sh
- echo
- echo iptables -F
- echo iptables -P INPUT DROP\; iptables -P FORWARD DROP\; iptables -P OUTPUT DROP
- echo
- echo iptables -A INPUT -m state --state INVALID -j DROP
- echo iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
- echo iptables -A INPUT -i lo -j ACCEPT
- echo iptables -A INPUT -j DROP
- echo
- echo iptables -A FORWARD -j DROP
- echo
- echo iptables -A OUTPUT -m state --state INVALID -j DROP
- echo iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
- echo
- echo iptables -A OUTPUT -p udp -d 1.1.1.1 --dport 53 -j ACCEPT
- echo
- echo iptables -A OUTPUT -p tcp --syn -m owner --uid-owner debian-tor -m state --state NEW -j ACCEPT
- echo iptables -A OUTPUT -o lo -j ACCEPT
- echo
- echo iptables -A OUTPUT -p tcp --syn --dport 443 -j ACCEPT
- echo iptables -A OUTPUT -p tcp --syn --dport 80 -j ACCEPT
- echo iptables -A OUTPUT -p udp --dport 123 -j ACCEPT
- echo
- echo iptables -A OUTPUT -j DROP
- } > /etc/network/if-pre-up.d/firewall
- chmod 0755 /etc/network/if-pre-up.d/firewall
- chown root:root /etc/network/if-pre-up.d/firewall
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
