Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # The Unlicense
- # firewall-kai.sh version 0.6.0
- SP='255.255.255.255/32 240.0.0.0/4 233.252.0.0/24 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'
- iptables -t nat -F
- iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
- iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 --syn -j REDIRECT --to-port 9040
- iptables -t nat -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
- iptables -t nat -A OUTPUT -o lo -j RETURN
- iptables -t nat -A OUTPUT -p tcp --dport 443 -j RETURN
- for sp in $SP; do
- iptables -t nat -A OUTPUT -d $sp -j RETURN
- done
- iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-port 9040
- iptables -t nat -nvL
- iptables -F
- iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -j DROP
- iptables -A FORWARD -j DROP
- iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -p udp --dport 9053 -j ACCEPT
- iptables -A OUTPUT -p tcp --dport 9040 --syn -j ACCEPT
- iptables -A OUTPUT -p tcp -m owner --uid-owner debian-tor --syn -j ACCEPT
- iptables -A OUTPUT -o lo -j ACCEPT
- iptables -A OUTPUT -p tcp --dport 443 --syn -j ACCEPT
- for sp in $SP; do
- iptables -A OUTPUT -d $sp -j DROP
- done
- iptables -A OUTPUT -j DROP
- iptables -P INPUT DROP
- iptables -P FORWARD DROP
- iptables -P OUTPUT DROP
- iptables -nvL
- ip6tables -F
- ip6tables -A INPUT -j DROP
- ip6tables -A FORWARD -j DROP
- ip6tables -A OUTPUT -j DROP
- ip6tables -P INPUT DROP
- ip6tables -P FORWARD DROP
- ip6tables -P OUTPUT DROP
- ip6tables -nvL
- {
- echo DNSPort 9053
- echo AutomapHostsOnResolve 1
- echo AutomapHostsSuffixes .onion
- echo
- echo TransPort 9040
- echo VirtualAddrNetwork 10.192.0.0/10
- } > /etc/tor/torrc
- systemctl restart tor
Add Comment
Please, Sign In to add comment
