Guest User

anonymous

a guest
Oct 17th, 2019
184
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
  4. TABLES="nat mangle raw security"; CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
  5. IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"
  6.  
  7. [ $EUID != 0 ] && echo "please run as root" && exit 1
  8.  
  9. stop() {
  10.     /etc/init.d/tor stop
  11.     [ -f ./torrc ] && cp ./torrc /etc/tor/torrc && rm ./torrc
  12.     [ -f ./iptables-rules ] && iptables-restore < ./iptables-rules && rm ./iptables-rules
  13.     [ -f ./ip6tables-rules ] && ip6tables-restore < ./ip6tables-rules && rm ./ip6tables-rules
  14. }
  15.  
  16. start() {
  17.     uid_owner_tor=${1:-tor}; id $uid_owner_tor || return 2
  18.  
  19.     [ ! -f ./torrc ] && cp /etc/tor/torrc ./torrc
  20.     [ ! -f ./iptables-rules ] && iptables-save > ./iptables-rules
  21.     [ ! -f ./ip6tables-rules ] && ip6tables-save > ./ip6tables-rules
  22.  
  23.     iptables -F; iptables -X; iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
  24.     ip6tables -F; ip6tables -X; ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
  25.     {
  26.         for table in $TABLES; do
  27.             iptables -t $table -F; iptables -t $table -X
  28.             ip6tables -t $table -F; ip6tables -t $table -X
  29.             for chain in $CHAINS; do
  30.                 iptables -t $table -P $chain ACCEPT
  31.                 ip6tables -t $table -P $chain ACCEPT
  32.             done
  33.         done
  34.     } 2> /dev/null
  35.  
  36.     iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
  37.     iptables -A INPUT -i lo -j ACCEPT
  38.     iptables -A INPUT -j DROP
  39.  
  40.     iptables -A FORWARD -j DROP
  41.  
  42.     iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
  43.     iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT
  44.  
  45.     iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
  46.     iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
  47.     iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT
  48.  
  49.     iptables -A OUTPUT -p tcp --syn -m owner --uid-owner $uid_owner_tor -j ACCEPT
  50.     iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
  51.     iptables -A OUTPUT -o lo -j ACCEPT
  52.  
  53.     for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
  54.         iptables -A OUTPUT -d $iptables_special_addr -j DROP
  55.     done
  56.  
  57.     iptables -A OUTPUT -j DROP
  58.  
  59.     ip6tables -A INPUT -j DROP
  60.  
  61.     ip6tables -A FORWARD -j DROP
  62.  
  63.     ip6tables -A OUTPUT -j DROP
  64.  
  65.     iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
  66.     iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
  67.     iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
  68.     iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
  69.  
  70.     iptables -t nat -A OUTPUT -m owner --uid-owner $uid_owner_tor -j RETURN
  71.     iptables -t nat -A OUTPUT -o lo -j RETURN
  72.  
  73.     for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
  74.         iptables -t nat -A OUTPUT -d $iptables_special_addr -j RETURN
  75.     done
  76.  
  77.     iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
  78.     iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
  79.     iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040
  80.  
  81.     {
  82.         echo "DNSPort 127.0.0.1:9053"
  83.         echo "AutomapHostsOnResolve 1"
  84.         echo "AutomapHostsSuffixes .onion"
  85.         echo
  86.         echo "TransPort 127.0.0.1:9040"
  87.         echo "VirtualAddrNetwork 10.192.0.0/10"
  88.         echo
  89.         echo "User $uid_owner_tor"
  90.         echo "PIDFile /var/run/tor/tor.pid"
  91.         echo "DataDirectory /var/lib/tor/data/"
  92.     } > /etc/tor/torrc
  93.     /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
  94. }
  95.  
  96. case $1 in
  97.     stop)
  98.         stop
  99.     ;;
  100.     start)
  101.         start $2
  102.     ;;
  103.     *)
  104.         echo "$0 stop"
  105.         echo "$0 start [debian-]tor"
  106.     ;;
  107. esac
RAW Paste Data