Guest User

firewall 0.4.1 stable

a guest
Apr 29th, 2021
88
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/bin/bash
  2.  
  3. # The Unlicense
  4. # This is free and unencumbered software released into the public domain.
  5.  
  6. # Anyone is free to copy, modify, publish, use, compile, sell, or
  7. # distribute this software, either in source code form or as a compiled
  8. # binary, for any purpose, commercial or non-commercial, and by any
  9. # means.
  10.  
  11. # In jurisdictions that recognize copyright laws, the author or authors
  12. # of this software dedicate any and all copyright interest in the
  13. # software to the public domain. We make this dedication for the benefit
  14. # of the public at large and to the detriment of our heirs and
  15. # successors. We intend this dedication to be an overt act of
  16. # relinquishment in perpetuity of all present and future rights to this
  17. # software under copyright law.
  18.  
  19. # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  20. # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  21. # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
  22. # IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
  23. # OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
  24. # ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
  25. # OTHER DEALINGS IN THE SOFTWARE.
  26.  
  27. # For more information, please refer to <http://unlicense.org/>
  28.  
  29. SPECIAL_ADDRS='255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'
  30.  
  31. # !
  32. iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
  33. ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
  34.  
  35. chattr -i /etc/hosts.allow; > /etc/hosts.allow; chattr +i /etc/hosts.allow
  36. chattr -i /etc/hosts.deny; echo ALL:ALL > /etc/hosts.deny; chattr +i /etc/hosts.deny
  37.  
  38. iptables -F
  39.  
  40. iptables -A INPUT -m state --state INVALID -j DROP
  41. iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
  42. iptables -A INPUT -i lo -j ACCEPT
  43. iptables -A INPUT -j DROP
  44.  
  45. iptables -A FORWARD -j DROP
  46.  
  47. iptables -A OUTPUT -m state --state INVALID -j DROP
  48. iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
  49.  
  50. iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
  51. iptables -A OUTPUT -p tcp --syn -d 127.0.0.1 --dport 9040 -j ACCEPT
  52.  
  53. iptables -A OUTPUT -p tcp --syn -m owner --uid-owner $1 -m state --state NEW -j ACCEPT
  54. iptables -A OUTPUT -o lo -j ACCEPT
  55.  
  56. for special_addr in $SPECIAL_ADDRS; do
  57.     iptables -A OUTPUT -d $special_addr -j DROP
  58. done
  59.  
  60. iptables -A OUTPUT -j DROP
  61.  
  62. iptables -t nat -F
  63.  
  64. iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination='127.0.0.1:9053'
  65. iptables -t nat -A OUTPUT -p tcp --syn -d 10.192.0.0/10 -j DNAT --to-destination='127.0.0.1:9040'
  66.  
  67. iptables -t nat -A OUTPUT -p tcp --syn -m owner --uid-owner $1 -j RETURN
  68. iptables -t nat -A OUTPUT -o lo -j RETURN
  69.  
  70. for special_addr in $SPECIAL_ADDRS; do
  71.     iptables -t nat -A OUTPUT -d $special_addr -j RETURN
  72. done
  73.  
  74. iptables -t nat -A OUTPUT -p tcp --syn -j DNAT --to-destination='127.0.0.1:9040'
  75.  
  76. # !
  77. echo; echo; iptables -nvL
  78. echo; echo; ip6tables -nvL
  79. echo; echo; iptables -t nat -nvL
  80. ip6tables -A INPUT -j DROP; ip6tables -A FORWARD -j DROP; ip6tables -A OUTPUT -j DROP
  81.  
  82. {
  83.         echo DNSPort 127.0.0.1:9053
  84.         echo AutomapHostsOnResolve 1
  85.         echo AutomapHostsSuffixes .onion
  86.         echo
  87.         echo TransPort 127.0.0.1:9040
  88.         echo VirtualAddrNetwork 10.192.0.0/10
  89. } > /etc/tor/torrc
  90.  
  91. systemctl restart tor
  92.  
  93. echo
  94. echo What Is My IP Address
  95. echo https://browserleaks.com/ip
  96. echo https://browserleaks.com/webrtc
  97.  
  98. echo
  99. echo apt install tor sudo neovim
  100. echo nvim ./firewall.sh
  101. echo :set ff=unix
  102. echo :wq!
  103.  
  104. echo
  105. echo chmod 0755 ./firewall.sh
  106. echo sudo ./firewall.sh [debian-]tor
  107.  
  108. echo
  109. echo firefox
  110. echo about:config
  111. echo media.navigator.enabled false
  112. echo media.peerconnection.enabled false
  113.  
  114. # !
  115. echo
  116. echo stop enter
  117. read; read; read
  118. iptables -F OUTPUT
  119. iptables -t nat -F
  120. iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT ACCEPT
  121. ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
RAW Paste Data