core-v4.1

a guest
Sep 28th, 2024
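#!/bin/sh

# ---

# core v4.1
# The Unlicense

# ---

# Transparent Tor proxy for a single host. Locally generated DNS (UDP 53)
# and TCP connections are redirected to a local Tor daemon with iptables,
# every other packet that would leave the machine is dropped, and
# /etc/tor/torrc is rewritten to match. Pressing Enter at the prompt undoes
# the changes; Ctrl+C leaves them active.
#
# Limits to be aware of before relying on this:
#   - Only IPv4 is filtered. ip6tables is never touched, so IPv6 traffic is
#     neither redirected nor blocked by this script.
#   - TOR_UID and /etc/init.d/tor assume a Debian-style Tor package.
#   - /etc/tor/torrc is replaced wholesale while the script is active; the
#     previous file is kept as /etc/tor/torrc.bak.

# Strict mode lives here rather than on the shebang line so that it still
# applies when the file is started as `sh <file>`.
set -eu

# Runs as root: pin PATH before the first external command so that id,
# iptables, cp and friends are not resolved through the caller's PATH.
PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
export PATH

type tor || exit 1
if [ "$(id -u)" -ne 0 ]; then
  echo 'run as root !' >&2
  exit 2
fi

# ---

DNS_PORT=9053; TRANS_PORT=9040; VIRTUAL_ADDR=10.192.0.0/10; TOR_UID='debian-tor'
# Special-purpose / private IPv4 ranges: never redirected into Tor (nat
# table) and never allowed out (filter table).
RESERVED_IP='255.255.255.255/32 240.0.0.0/4 233.252.0.0/24 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'
# Where the pre-existing ruleset is kept while the Tor rules are active.
RULES_BAK='/etc/tor/iptables.rules.bak'

# ---

# Undo everything the setup phase changed: drop the Tor rules, put the
# firewall that was loaded before the script ran back in place, restore the
# original torrc and stop Tor.
teardown() {
  iptables -t nat -F; iptables -t nat -X; iptables -t nat -Z
  iptables -F; iptables -X; iptables -Z
  iptables -P INPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -P OUTPUT ACCEPT

  # Flushing to ACCEPT-everything alone would leave the host without the
  # firewall it had before, so reload the saved ruleset on top. The explicit
  # flush above stays because a saved file only covers tables that were
  # loaded when it was taken.
  if [ -e "$RULES_BAK" ]; then
    iptables-restore < "$RULES_BAK"
    rm -f -- "$RULES_BAK"
  fi

  iptables -t nat -nvL; iptables -nvL

  if [ -e /etc/tor/torrc.bak ]; then
    mv -v /etc/tor/torrc.bak /etc/tor/torrc
  fi

  /etc/init.d/tor stop
}

# If setup aborts partway (set -e), roll back instead of leaving a
# half-applied ruleset behind. Once setup has finished this is a no-op, so
# Ctrl+C at the prompt still leaves the rules active as the prompt promises.
setup_done=0
on_exit() {
  if [ "$setup_done" -eq 0 ]; then
    echo 'setup did not complete; rolling back' >&2
    set +e  # best effort: keep going even if one rollback step fails
    teardown
  fi
}

# ---

# Save the current ruleset once. An existing backup is kept, because it
# then comes from an earlier run that was left active and the live rules
# are this script's own, not the host's original ones.
if [ ! -e "$RULES_BAK" ]; then
  ( umask 077; iptables-save > "$RULES_BAK.new" )
  mv -- "$RULES_BAK.new" "$RULES_BAK"
fi

trap on_exit EXIT

# --- nat table: decide what gets redirected into Tor

iptables -t nat -F; iptables -t nat -X; iptables -t nat -Z

iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
iptables -t nat -A OUTPUT -p tcp -d "$VIRTUAL_ADDR" --syn -j REDIRECT --to-ports "$TRANS_PORT"

# Tor's own traffic and loopback traffic must not be redirected.
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN

# $RESERVED_IP is left unquoted on purpose: it is a space-separated list.
for reserved_ip in $RESERVED_IP; do
  iptables -t nat -A OUTPUT -d "$reserved_ip" -j RETURN
done

iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"

iptables -t nat -nvL

# --- filter table: default-deny in every direction

iptables -F; iptables -X; iptables -Z

# conntrack is the current name of the older "state" match; one rule per
# check is enough.
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP
iptables -P INPUT DROP

iptables -A FORWARD -j DROP
iptables -P FORWARD DROP

iptables -A OUTPUT -m conntrack --ctstate INVALID -j DROP
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT

# Packets already rewritten by the nat rules above arrive here addressed to
# Tor's local DNS and transparent-proxy listeners.
iptables -A OUTPUT -p udp -d 127.0.0.1 --dport "$DNS_PORT" -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport "$TRANS_PORT" --syn -j ACCEPT

# Only the Tor daemon itself may open new outbound TCP connections.
iptables -A OUTPUT -p tcp -m owner --uid-owner "$TOR_UID" -m conntrack --ctstate NEW --syn -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -o lo -j ACCEPT

for reserved_ip in $RESERVED_IP; do
  iptables -A OUTPUT -d "$reserved_ip" -j DROP
done

iptables -A OUTPUT -j DROP
iptables -P OUTPUT DROP

iptables -nvL

# --- Tor configuration

# Keep the first backup only, so a re-run never overwrites the original
# torrc with a generated one.
if [ ! -e /etc/tor/torrc.bak ]; then
  cp -v /etc/tor/torrc /etc/tor/torrc.bak
fi

{
  echo "DNSPort 127.0.0.1:$DNS_PORT"
  echo 'AutomapHostsOnResolve 1'
  echo 'AutomapHostsSuffixes .onion'
  echo
  echo "TransPort 127.0.0.1:$TRANS_PORT"
  echo "VirtualAddrNetwork $VIRTUAL_ADDR"
} > /etc/tor/torrc
cat /etc/tor/torrc
/etc/init.d/tor restart

setup_done=1

# ---

# Prompt (Japanese): "Anonymization complete!" / "Press Ctrl+C to exit." /
# "Press Enter if you want to restore everything."
echo '匿名化が完了しました!'; echo 'Ctrl+C(^C)を押して終了してください。'; echo 'すべてを元に戻したい場合は、Enterを押してください。'; read -r STOP

# ---

teardown

# ---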