  1. #!/bin/bash
  2.  
  3. export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
  4. TABLES="nat mangle raw security"; CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
  5. IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"
  6.  
  7. [ $EUID != 0 ] && echo "please run as root" && exit 1
  8.  
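#######################################
# Undo start(): stop the Tor daemon and put back the torrc and the IPv4/IPv6
# rule sets that start() saved in the current directory. A backup file is
# removed only after it was restored successfully; one whose restore fails is
# kept so the step can be retried. Tor is left stopped.
# Globals:   none
# Arguments: none
# Outputs:   init-script / restore-tool diagnostics; a message on stderr for
#            every restore that failed
# Returns:   0 when every present backup was restored (also when there was
#            nothing to restore), 1 if any restore failed
#######################################
stop() {
    local rv=0

    /etc/init.d/tor stop

    if [ -f ./torrc ]; then
        if cp ./torrc /etc/tor/torrc; then
            rm ./torrc
        else
            echo "could not restore /etc/tor/torrc; backup kept at ./torrc" >&2
            rv=1
        fi
    fi
    if [ -f ./iptables-rules ]; then
        if iptables-restore < ./iptables-rules; then
            rm ./iptables-rules
        else
            echo "could not restore IPv4 rules; backup kept at ./iptables-rules" >&2
            rv=1
        fi
    fi
    if [ -f ./ip6tables-rules ]; then
        if ip6tables-restore < ./ip6tables-rules; then
            rm ./ip6tables-rules
        else
            echo "could not restore IPv6 rules; backup kept at ./ip6tables-rules" >&2
            rv=1
        fi
    fi

    # Previously the function's status was that of the last '[ -f ... ]' test,
    # i.e. 1 whenever no IPv6 backup existed, even though nothing had failed.
    return "$rv"
}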
  15.  
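#######################################
# Install the transparent-Tor configuration.
#
# Steps, in order:
#   1. check that the account Tor runs as exists (default 'tor');
#   2. back up /etc/tor/torrc and the current IPv4/IPv6 rule sets into the
#      working directory -- only if no backup is there yet, so a repeated
#      'start' never overwrites the pristine copy -- and abort if a backup
#      cannot be written, since stop() would then have nothing to restore;
#   3. flush every table; filter policies become DROP, the others ACCEPT;
#   4. filter: allow loopback, established flows, the Tor user's outbound
#      TCP SYNs and traffic to the local DNSPort/TransPort; drop the
#      special-use ranges and everything else; drop all IPv6;
#   5. nat: redirect DNS to Tor's DNSPort and remaining outbound IPv4 to
#      its TransPort, leaving the Tor user, loopback and special-use ranges
#      untouched;
#   6. write a minimal torrc for those ports and restart Tor.
#
# Globals:   TABLES, CHAINS, IPTABLES_SPECIAL_ADDRS (read)
# Arguments: $1 - user Tor runs as (default: tor)
# Outputs:   tool diagnostics; a one-line summary when the restart succeeds
# Returns:   2 if the user does not exist, 1 if a backup could not be taken,
#            otherwise the status of the Tor restart
#######################################
start() {
    local uid_owner_tor=${1:-tor}
    local table chain iptables_special_addr

    # The account must exist: --uid-owner and the torrc "User" line use it.
    # Only stderr is kept, so a missing user is still reported.
    id "$uid_owner_tor" > /dev/null || return 2

    # Save the pristine config/rules once; stop() restores from these files.
    # Abort rather than continue without a backup. A failed *-save leaves an
    # empty file behind, which must not be mistaken for a backup later on.
    if [ ! -f ./torrc ]; then
        cp /etc/tor/torrc ./torrc || return 1
    fi
    if [ ! -f ./iptables-rules ]; then
        iptables-save > ./iptables-rules || { rm -f ./iptables-rules; return 1; }
    fi
    if [ ! -f ./ip6tables-rules ]; then
        ip6tables-save > ./ip6tables-rules || { rm -f ./ip6tables-rules; return 1; }
    fi

    # Clean slate. filter: emptied, default DROP...
    iptables -F; iptables -X
    iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
    ip6tables -F; ip6tables -X
    ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
    # ...other tables: emptied, default ACCEPT. Not every chain exists in
    # every table, so the resulting errors are expected and hidden.
    {
        for table in $TABLES; do
            iptables -t "$table" -F; iptables -t "$table" -X
            ip6tables -t "$table" -F; ip6tables -t "$table" -X
            for chain in $CHAINS; do
                iptables -t "$table" -P "$chain" ACCEPT
                ip6tables -t "$table" -P "$chain" ACCEPT
            done
        done
    } 2> /dev/null

    # filter/INPUT: only replies to our own connections and loopback.
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -j DROP

    # This host never forwards for others.
    iptables -A FORWARD -j DROP

    # filter/OUTPUT: the Tor DNSPort (9053) and TransPort (9040) on loopback,
    # which is where the nat rules below redirect traffic. ICMP and UDP are
    # accepted towards the TransPort as well -- presumably so the redirect
    # terminates them on the host instead of letting them leak (TransPort
    # itself only proxies TCP).
    iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
    iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT

    iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
    iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT

    # Only the Tor user may open new TCP connections to the outside; existing
    # flows and loopback are allowed for everyone.
    iptables -A OUTPUT -p tcp --syn -m owner --uid-owner "$uid_owner_tor" -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    # Special-use ranges never leave the host, and neither does anything else.
    for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
        iptables -A OUTPUT -d "$iptables_special_addr" -j DROP
    done

    iptables -A OUTPUT -j DROP

    # IPv6: no Tor path is configured for it, so drop it entirely.
    ip6tables -A INPUT -j DROP

    ip6tables -A FORWARD -j DROP

    ip6tables -A OUTPUT -j DROP

    # nat/OUTPUT: DNS goes to the DNSPort; the virtual address range Tor hands
    # out for .onion names (VirtualAddrNetwork in the torrc below) goes to the
    # TransPort.
    # NOTE(review): these four rules sit before the uid-owner RETURN, so
    # port-53 traffic from the Tor user itself is redirected too -- confirm
    # that is intended.
    iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
    iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
    iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040

    # Tor's own traffic, loopback and the special-use ranges are left alone.
    iptables -t nat -A OUTPUT -m owner --uid-owner "$uid_owner_tor" -j RETURN
    iptables -t nat -A OUTPUT -o lo -j RETURN

    for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
        iptables -t nat -A OUTPUT -d "$iptables_special_addr" -j RETURN
    done

    # Everything else is sent to the TransPort.
    iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040

    # Minimal torrc matching the ports above; the original was backed up.
    printf '%s\n' \
        "DNSPort 127.0.0.1:9053" \
        "AutomapHostsOnResolve 1" \
        "AutomapHostsSuffixes .onion" \
        "" \
        "TransPort 127.0.0.1:9040" \
        "VirtualAddrNetwork 10.192.0.0/10" \
        "" \
        "User $uid_owner_tor" \
        "PIDFile /var/run/tor/tor.pid" \
        "DataDirectory /var/lib/tor/data/" > /etc/tor/torrc

    /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
}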
  95.  
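# Command dispatch. The optional second argument of 'start' is the account
# Tor runs as (Debian's package uses 'debian-tor', others plain 'tor').
# "$2" is quoted so the user name reaches start() as a single argument
# instead of being word-split and glob-expanded.
case "${1:-}" in
    stop)
        stop
    ;;
    start)
        start "$2"
    ;;
    *)
        echo "$0 stop"
        echo "$0 start [debian-]tor"
    ;;
esac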