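#!/bin/bash
# The Unlicense
# This is free and unencumbered software released into the public domain.
# Anyone is free to copy, modify, publish, use, compile, sell, or
# distribute this software, either in source code form or as a compiled
# binary, for any purpose, commercial or non-commercial, and by any
# means.
# In jurisdictions that recognize copyright laws, the author or authors
# of this software dedicate any and all copyright interest in the
# software to the public domain. We make this dedication for the benefit
# of the public at large and to the detriment of our heirs and
# successors. We intend this dedication to be an overt act of
# relinquishment in perpetuity of all present and future rights to this
# software under copyright law.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
# OTHER DEALINGS IN THE SOFTWARE.
# For more information, please refer to <http://unlicense.org/>

# firewall.sh - redirect this host's outbound traffic through a local Tor
# instance for as long as the script is left waiting.
#
# Usage: sudo ./firewall.sh TOR_USER
#   TOR_USER  account the Tor daemon runs as (the script's own hint names
#             "debian-tor" or "tor"); it is the only account allowed to open
#             direct outbound TCP connections.
#
# Persistent side effects that are NOT undone when the script finishes:
#   * /etc/hosts.allow is emptied, /etc/hosts.deny is set to ALL:ALL, and
#     both are marked immutable (chattr +i);
#   * /etc/tor/torrc is replaced wholesale, with no backup taken;
#   * IPv4 INPUT/FORWARD and all IPv6 chains stay on DROP.
#
# There is deliberately no trap: if the script is interrupted while waiting,
# the restrictive rules stay in place rather than reopening direct output.

set -u

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Without the owner argument the two --uid-owner rules cannot be installed,
# which leaves a ruleset that redirects Tor's own connections back into Tor.
(( $# == 1 )) || die "usage: ${0##*/} TOR_USER   (e.g. debian-tor or tor)"
readonly TOR_USER=$1
if ! id -u -- "$TOR_USER" >/dev/null 2>&1 && ! [[ "$TOR_USER" =~ ^[0-9]+$ ]]; then
  die "unknown user: $TOR_USER"
fi
(( EUID == 0 )) || die "must be run as root"

# Reserved and non-routable IPv4 ranges that are never sent through Tor.
readonly -a SPECIAL_ADDRS=(
  255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24
  198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24
  172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8
  0.0.0.0/8
)

# --- Lock down: default-deny first, so nothing escapes during setup --------
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP

# Flush existing IPv6 rules before adding the catch-all DROPs: rules are
# evaluated in order, so a pre-existing ACCEPT would otherwise sit ahead of
# an appended DROP and let IPv6 traffic bypass Tor. Flushing also stops the
# DROP rules from piling up on every run.
ip6tables -F
ip6tables -A INPUT -j DROP
ip6tables -A FORWARD -j DROP
ip6tables -A OUTPUT -j DROP

# TCP wrappers: deny everything, and make both files immutable.
chattr -i /etc/hosts.allow
: > /etc/hosts.allow
chattr +i /etc/hosts.allow
chattr -i /etc/hosts.deny
echo ALL:ALL > /etc/hosts.deny
chattr +i /etc/hosts.deny

# --- filter table ----------------------------------------------------------
iptables -F
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP
iptables -A FORWARD -j DROP

iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
# Packets rewritten by the nat rules below arrive here addressed to Tor's
# DNSPort / TransPort on loopback.
iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
iptables -A OUTPUT -p tcp --syn -d 127.0.0.1 --dport 9040 -j ACCEPT
# Only the Tor daemon's account may open direct outbound TCP connections.
iptables -A OUTPUT -p tcp --syn -m owner --uid-owner "$TOR_USER" -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
for special_addr in "${SPECIAL_ADDRS[@]}"; do
  iptables -A OUTPUT -d "$special_addr" -j DROP
done
iptables -A OUTPUT -j DROP

# --- nat table: transparent redirection into Tor ---------------------------
iptables -t nat -F
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination='127.0.0.1:9053'
# 10.192.0.0/10 is the VirtualAddrNetwork written to torrc below; it must be
# redirected before the special-address RETURN rules are reached.
iptables -t nat -A OUTPUT -p tcp --syn -d 10.192.0.0/10 -j DNAT --to-destination='127.0.0.1:9040'
# Tor's own connections must not be looped back into the TransPort.
iptables -t nat -A OUTPUT -p tcp --syn -m owner --uid-owner "$TOR_USER" -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
for special_addr in "${SPECIAL_ADDRS[@]}"; do
  iptables -t nat -A OUTPUT -d "$special_addr" -j RETURN
done
iptables -t nat -A OUTPUT -p tcp --syn -j DNAT --to-destination='127.0.0.1:9040'

# --- Show the resulting rulesets -------------------------------------------
echo; echo; iptables -nvL
echo; echo; ip6tables -nvL
echo; echo; iptables -t nat -nvL

# --- Tor configuration -----------------------------------------------------
# NOTE: this replaces /etc/tor/torrc entirely; any existing settings are lost.
cat > /etc/tor/torrc <<'EOF'
DNSPort 127.0.0.1:9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort 127.0.0.1:9040
VirtualAddrNetwork 10.192.0.0/10
EOF
# If Tor does not come up, the rules above leave outbound traffic blocked
# rather than leaking it; say so instead of failing silently.
systemctl restart tor \
  || printf '%s\n' 'warning: "systemctl restart tor" failed; outbound traffic stays blocked' >&2

# --- Operator notes (leak-test URLs, install steps, browser settings) ------
cat <<'EOF'

What Is My IP Address
https://browserleaks.com/ip
https://browserleaks.com/webrtc

apt install tor sudo neovim
nvim ./firewall.sh
:set ff=unix
:wq!

chmod 0755 ./firewall.sh
sudo ./firewall.sh [debian-]tor

firefox
about:config
media.navigator.enabled false
media.peerconnection.enabled false

stop enter
EOF

# --- Wait, then reopen direct output ---------------------------------------
# Three Enter presses are required, so a stray keypress does not end the
# redirection.
read -r
read -r
read -r

# From here on outbound IPv4 traffic leaves the host directly, not via Tor.
iptables -F OUTPUT
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT DROP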