
anonymous version 1.8

a guest
Oct 22nd, 2019
  1. #!/bin/bash
  2. # anonymous version 1.8
  3. # version 1.0: release
  4. # version 1.1: -p tcp --syn
  5. # version 1.2: sleep 1 * 3
  6. # version 1.3: export delete
  7. # version 1.4: ESTABLISHED top
  8. # version 1.5: disable-ipv6.conf
  9. # version 1.6: sleep 1 * 3 delete
  10. # version 1.7: type
  11. # version 1.8: check exit
  12.  
  13. PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
  14. TABLES="nat mangle raw security"; CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
  15. IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"
  17. [ $EUID != 0 ] && echo "please run as root" && exit 1
# Verify that every external tool used by start/stop can be resolved.
# Outputs: `type` reports how each name resolves (or a not-found error).
# Exits the whole script with status 2 if at least one tool is missing;
# all names are still reported before exiting.
check() {
    local tool missing=0
    for tool in cp rm bash sysctl iptables ip6tables iptables-save ip6tables-save iptables-restore ip6tables-restore; do
        type "$tool" || missing=1
    done
    [ "$missing" -eq 0 ] || exit 2
}
# Undo start(): put back the saved torrc and firewall rules, remove the
# IPv6 sysctl drop-in, and stop Tor.
# The backups are read from the current directory, so stop has to be run
# from the directory start was run in. Each backup file is deleted only
# after its restore command succeeded; a failed restore leaves it in place.
# NOTE(review): these files are fed back into iptables-restore and
# /etc/tor/torrc as root. Run the script from a directory only root can
# write to, otherwise the backups could be replaced between start and stop.
# Returns: the exit status of `/etc/init.d/tor stop`.
stop() {
    if [ -f ./torrc ]; then
        cp ./torrc /etc/tor/torrc && rm ./torrc
    fi

    if [ -f ./iptables-rules ]; then
        iptables-restore < ./iptables-rules && rm ./iptables-rules
    fi

    if [ -f ./ip6tables-rules ]; then
        ip6tables-restore < ./ip6tables-rules && rm ./ip6tables-rules
    fi

    if [ -f /etc/sysctl.d/disable-ipv6.conf ]; then
        # NOTE(review): reloading after deleting the drop-in does not itself
        # write disable_ipv6 back to 0; presumably IPv6 stays off until a
        # reboot or an explicit sysctl reset — confirm on the target system.
        rm /etc/sysctl.d/disable-ipv6.conf && sysctl --system
    fi

    /etc/init.d/tor stop
}
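# Lock the host down so that outbound IPv4 traffic can only leave via Tor.
# Arguments: $1 - account the Tor daemon runs as (default: tor)
# Files:     ./torrc, ./iptables-rules, ./ip6tables-rules are one-time
#            backups in the current directory; /etc/tor/torrc and
#            /etc/sysctl.d/disable-ipv6.conf are overwritten.
# Returns:   3 if the Tor account does not exist,
#            4 if a backup could not be written (nothing has been changed yet),
#            otherwise the status of the final `tor restart && echo`.
# NOTE(review): the backups are restored as root by stop(); run from a
# directory that only root can write to.
start() {
    local uid_owner_tor=${1:-tor}
    local table chain iptables_special_addr

    id "$uid_owner_tor" || return 3

    # Back up the current state once. An existing backup is never
    # overwritten, because it holds the pre-start configuration. If a backup
    # cannot be written, stop here: flushing the firewall without a usable
    # backup would leave stop() with nothing (or a truncated file) to restore.
    if [ ! -f ./torrc ] && [ -f /etc/tor/torrc ]; then
        cp /etc/tor/torrc ./torrc || return 4
    fi
    if [ ! -f ./iptables-rules ]; then
        iptables-save > ./iptables-rules || { rm -f ./iptables-rules; return 4; }
    fi
    if [ ! -f ./ip6tables-rules ]; then
        ip6tables-save > ./ip6tables-rules || { rm -f ./ip6tables-rules; return 4; }
    fi

    # Filter table: flush everything and default-deny before any rule is
    # added, so a failure further down leaves the host closed, not open.
    iptables -F
    iptables -X
    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT DROP

    ip6tables -F
    ip6tables -X
    ip6tables -P INPUT DROP
    ip6tables -P FORWARD DROP
    ip6tables -P OUTPUT DROP

    # Other tables: flush and reset policies. Errors are expected (not every
    # table has every chain, and a table may be unavailable) and are hidden.
    {
        for table in $TABLES; do
            iptables -t "$table" -F
            iptables -t "$table" -X
            ip6tables -t "$table" -F
            ip6tables -t "$table" -X
            for chain in $CHAINS; do
                iptables -t "$table" -P "$chain" ACCEPT
                ip6tables -t "$table" -P "$chain" ACCEPT
            done
        done
    } 2> /dev/null

    # Inbound: replies to our own connections and loopback only.
    iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -j DROP

    iptables -A FORWARD -j DROP

    # NOTE(review): ESTABLISHED also matches connections that were opened
    # before start ran; nat REDIRECT only applies to new connections, so
    # such sessions appear to keep flowing outside Tor until they close.
    # Confirm, and close or reset existing connections before relying on this.
    iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

    # Tor's local DNSPort.
    iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
    iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT

    # Tor's local TransPort (target of the nat redirects below).
    iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
    iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
    iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT

    # Only the Tor account may open new TCP connections to the outside.
    iptables -A OUTPUT -p tcp --syn -m owner --uid-owner "$uid_owner_tor" -j ACCEPT
    iptables -A OUTPUT -o lo -j ACCEPT

    for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
        iptables -A OUTPUT -d "$iptables_special_addr" -j DROP
    done

    iptables -A OUTPUT -j DROP

    # IPv6 is blocked entirely (and disabled via sysctl below).
    ip6tables -A INPUT -j DROP

    ip6tables -A FORWARD -j DROP

    ip6tables -A OUTPUT -j DROP

    # nat OUTPUT: DNS and the automapped .onion range go to Tor first.
    iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
    iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
    iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040

    # Tor's own traffic, loopback and special ranges are not redirected.
    iptables -t nat -A OUTPUT -m owner --uid-owner "$uid_owner_tor" -j RETURN
    iptables -t nat -A OUTPUT -o lo -j RETURN

    for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
        iptables -t nat -A OUTPUT -d "$iptables_special_addr" -j RETURN
    done

    # Everything else is redirected to the TransPort.
    iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
    iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040

    # Tor configuration matching the ports and address range used above.
    printf '%s\n' \
        "DNSPort 127.0.0.1:9053" \
        "AutomapHostsOnResolve 1" \
        "AutomapHostsSuffixes .onion" \
        "" \
        "TransPort 127.0.0.1:9040" \
        "VirtualAddrNetwork 10.192.0.0/10" \
        "" \
        "User $uid_owner_tor" \
        "PIDFile /var/run/tor/tor.pid" \
        "DataDirectory /var/lib/tor/data/" \
        > /etc/tor/torrc

    printf '%s\n' \
        "net.ipv6.conf.all.disable_ipv6=1" \
        "net.ipv6.conf.default.disable_ipv6=1" \
        > /etc/sysctl.d/disable-ipv6.conf
    sysctl --system

    # The status line is the author's own summary; "webrtc: ng" presumably
    # marks WebRTC as not covered by this setup — treat it as a known gap.
    /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
}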
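# Command dispatch. The optional Tor account is passed on quoted, so a
# caller-supplied value is never word-split or glob-expanded against the
# current directory before it reaches start(). An empty or missing second
# argument still selects start()'s default account.
# The script's exit status is that of the last command run (start/stop),
# or 2 from check when a required tool is missing.
case "$1" in
    stop)
        check
        stop
        ;;
    start)
        check
        start "$2"
        ;;
    *)
        echo "$0 stop"
        echo "$0 start [debian-]tor"
        ;;
esac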