Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # The Unlicense
- SP='255.255.255.255/32 240.0.0.0/4 233.252.0.0/24 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'
- # ---
- iptables -t nat -F
- iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination='127.0.0.1:9053'
- iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 --syn -j DNAT --to-destination='127.0.0.1:9040'
- iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
- iptables -t nat -A OUTPUT -o lo -j RETURN
- for sp in $SP; do
- iptables -t nat -A OUTPUT -d $sp -j RETURN
- done
- iptables -t nat -A OUTPUT -p tcp --syn -j DNAT --to-destination='127.0.0.1:9040'
- iptables -t nat -nvL
- # ---
- iptables -F
- iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -j DROP
- iptables -A FORWARD -j DROP
- iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
- iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 --syn -j ACCEPT
- iptables -A OUTPUT -p tcp -m owner --uid-owner debian-tor --syn -j ACCEPT
- iptables -A OUTPUT -o lo -j ACCEPT
- for sp in $SP; do
- iptables -A OUTPUT -d $sp -j DROP
- done
- iptables -A OUTPUT -j DROP
- iptables -nvL
- # ---
- ip6tables -F
- ip6tables -A INPUT -j DROP
- ip6tables -A FORWARD -j DROP
- ip6tables -A OUTPUT -j DROP
- ip6tables -nvL
- # ---
- {
- echo ExitNodes {jp}
- echo EntryNodes {jp}
- echo MiddleNodes {jp}
- echo
- echo DNSPort 127.0.0.1:9053
- echo AutomapHostsOnResolve 1
- echo AutomapHostsSuffixes .onion
- echo
- echo TransPort 127.0.0.1:9040
- echo VirtualAddrNetwork 10.192.0.0/10
- } > /etc/tor/torrc
- systemctl restart tor
Add Comment
Please, Sign In to add comment
