
anonymous version 1.9

a guest Oct 22nd, 2019 81 Never
  1. #!/bin/bash
  2. # anonymous version 1.9
  3. # version 1.0: release
  4. # version 1.1: -p tcp --syn
  5. # version 1.2: sleep 1 * 3
  6. # version 1.3: export delete
  7. # version 1.4: ESTABLISHED top
  8. # version 1.5: disable-ipv6.conf
  9. # version 1.6: sleep 1 * 3 delete
  10. # version 1.7: type
  11. # version 1.8: check exit
  12. # version 1.9: check delete
  13.  
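  # Fixed search path for every tool this root-run script invokes.
  # The list must not contain an empty element (for example a trailing colon):
  # an empty PATH element is treated as the current directory, which would let
  # a file in the working directory stand in for a tool that is missing from
  # the system directories while the script runs as root.
  PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

  # Tables and chains whose rules are flushed and whose policy is reset to
  # ACCEPT by start(); the filter table is handled separately there.
  TABLES="nat mangle raw security"
  CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"

  # Destinations that start() never redirects into Tor (nat: RETURN) and, apart
  # from loopback traffic accepted earlier, drops in the filter table.
  IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"

  # Refuse to run when any required tool cannot be resolved on the PATH above;
  # 'type' prints where each one was found.
  type cp rm tor bash sysctl iptables ip6tables iptables-save ip6tables-save iptables-restore ip6tables-restore || exit 1

  # Changing firewall rules, sysctl settings and /etc/tor/torrc needs root.
  if [ "$EUID" -ne 0 ]; then
      echo "please run as root"
      exit 2
  fi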
  20.  
  # stop: put back the configuration saved by start() and stop the Tor service.
  # Arguments: none
  # Returns:   the exit status of "/etc/init.d/tor stop"
  #
  # The backups (./torrc, ./iptables-rules, ./ip6tables-rules) are looked up in
  # the current directory and installed as root, so run start and stop from the
  # same directory, and keep that directory writable by root only.
  stop() {
      # Each backup is deleted only after it has been restored successfully,
      # so a failed restore can be retried.
      if [ -f ./torrc ]; then
          cp ./torrc /etc/tor/torrc && rm ./torrc
      fi

      if [ -f ./iptables-rules ]; then
          iptables-restore < ./iptables-rules && rm ./iptables-rules
      fi

      if [ -f ./ip6tables-rules ]; then
          ip6tables-restore < ./ip6tables-rules && rm ./ip6tables-rules
      fi

      # NOTE(review): "sysctl --system" re-applies the remaining sysctl files;
      # the disable_ipv6 keys presumably stay at 1 until a reboot or an explicit
      # reset - confirm on the target system.
      if [ -f /etc/sysctl.d/disable-ipv6.conf ]; then
          rm /etc/sysctl.d/disable-ipv6.conf && sysctl --system
      fi

      /etc/init.d/tor stop
  }
  27.  
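  # start [USER]: save the current Tor and firewall configuration, then allow
  # outbound traffic only through the local Tor daemon.
  # Globals:   TABLES, CHAINS, IPTABLES_SPECIAL_ADDRS (read)
  # Arguments: $1 - account the Tor daemon runs as (default: tor)
  # Outputs:   output of id, sysctl and the init script; a status line when
  #            the Tor service restarted
  # Returns:   3 if the account does not exist, 4 if an existing configuration
  #            could not be backed up, otherwise the status of the final
  #            "/etc/init.d/tor restart && echo ..." list
  #
  # The exit status of the individual iptables calls is not checked. The DROP
  # policies are set before any rule is added, so a rule that fails to load
  # should leave traffic blocked rather than bypassing Tor; review the result
  # with "iptables -S" and "iptables -t nat -S" after start.
  start() {
      local uid_owner_tor=${1:-tor}
      local table chain iptables_special_addr

      # The account name ends up in firewall rules and in torrc, so it is
      # quoted everywhere and must resolve before anything is changed.
      id "$uid_owner_tor" || return 3

      # Backups are written to the current directory and later installed as
      # root by stop(); run from a directory that only root can write to.
      # An existing backup is never overwritten, so repeated starts keep the
      # original state. Nothing is changed if a backup cannot be written.
      if [ -f /etc/tor/torrc ] && [ ! -f ./torrc ]; then
          if ! cp /etc/tor/torrc ./torrc; then
              echo "cannot back up /etc/tor/torrc, nothing changed" >&2
              return 4
          fi
      fi
      if [ ! -f ./iptables-rules ]; then
          if ! iptables-save > ./iptables-rules; then
              # Remove the partial file: stop() would treat it as a valid backup.
              rm -f ./iptables-rules
              echo "cannot save iptables rules, nothing changed" >&2
              return 4
          fi
      fi
      if [ ! -f ./ip6tables-rules ]; then
          if ! ip6tables-save > ./ip6tables-rules; then
              rm -f ./ip6tables-rules
              echo "cannot save ip6tables rules, nothing changed" >&2
              return 4
          fi
      fi

      # Filter table: drop everything by default, for IPv4 and IPv6.
      iptables -F
      iptables -X
      iptables -P INPUT DROP
      iptables -P FORWARD DROP
      iptables -P OUTPUT DROP
      ip6tables -F
      ip6tables -X
      ip6tables -P INPUT DROP
      ip6tables -P FORWARD DROP
      ip6tables -P OUTPUT DROP

      # Other tables: flush and reset policies. Errors are silenced because not
      # every chain exists in every table.
      {
          for table in $TABLES; do
              iptables -t "$table" -F
              iptables -t "$table" -X
              ip6tables -t "$table" -F
              ip6tables -t "$table" -X
              for chain in $CHAINS; do
                  iptables -t "$table" -P "$chain" ACCEPT
                  ip6tables -t "$table" -P "$chain" ACCEPT
              done
          done
      } 2> /dev/null

      # Inbound: replies to existing connections and loopback only.
      iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
      iptables -A INPUT -i lo -j ACCEPT
      iptables -A INPUT -j DROP

      iptables -A FORWARD -j DROP

      iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

      # Local Tor DNSPort (9053) and TransPort (9040), as written to torrc below.
      iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
      iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT

      iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
      iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
      iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT

      # Only the Tor account may open new TCP connections to the outside.
      iptables -A OUTPUT -p tcp --syn -m owner --uid-owner "$uid_owner_tor" -j ACCEPT
      iptables -A OUTPUT -o lo -j ACCEPT

      for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
          iptables -A OUTPUT -d "$iptables_special_addr" -j DROP
      done

      iptables -A OUTPUT -j DROP

      # IPv6 is dropped entirely and disabled via sysctl further down.
      ip6tables -A INPUT -j DROP

      ip6tables -A FORWARD -j DROP

      ip6tables -A OUTPUT -j DROP

      # nat table: send DNS to the DNSPort and the automap range to the TransPort.
      iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
      iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
      iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
      iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040

      # Tor's own traffic, loopback and the special ranges are not redirected.
      iptables -t nat -A OUTPUT -m owner --uid-owner "$uid_owner_tor" -j RETURN
      iptables -t nat -A OUTPUT -o lo -j RETURN

      for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
          iptables -t nat -A OUTPUT -d "$iptables_special_addr" -j RETURN
      done

      # Everything else goes to the TransPort.
      # NOTE(review): REDIRECT --to-port is documented for tcp/udp/dccp/sctp;
      # confirm that the icmp rule is accepted by the installed iptables.
      iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
      iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
      iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040

      # Replace torrc with a minimal transparent-proxy configuration; the
      # previous file was saved above (when one existed).
      printf '%s\n' \
          "DNSPort 127.0.0.1:9053" \
          "AutomapHostsOnResolve 1" \
          "AutomapHostsSuffixes .onion" \
          "" \
          "TransPort 127.0.0.1:9040" \
          "VirtualAddrNetwork 10.192.0.0/10" \
          "" \
          "User $uid_owner_tor" \
          "PIDFile /var/run/tor/tor.pid" \
          "DataDirectory /var/lib/tor/data/" \
          > /etc/tor/torrc

      printf '%s\n' \
          "net.ipv6.conf.all.disable_ipv6=1" \
          "net.ipv6.conf.default.disable_ipv6=1" \
          > /etc/sysctl.d/disable-ipv6.conf
      sysctl --system

      # The status line itself reports WebRTC as "ng", i.e. presumably not
      # covered by these rules - handle that in the browser.
      /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
  }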
  112.  
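  # Dispatch on the first command-line argument; anything else prints usage.
  case "$1" in
      start)
          # Quoted so the optional account name reaches start() as a single
          # word (no word splitting or globbing); an empty or missing $2
          # still falls back to start()'s default account.
          start "$2"
          ;;
      stop)
          stop
          ;;
      *)
          echo "$0 stop"
          echo "$0 start [debian-]tor"
          ;;
  esac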