Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:"
- TABLES="nat mangle raw security"; CHAINS="PREROUTING INPUT FORWARD OUTPUT POSTROUTING"
- IPTABLES_SPECIAL_ADDRS="255.255.255.255 240.0.0.0/4 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8"
- [ $EUID != 0 ] && echo "please run as root" && exit 1
- stop() {
- /etc/init.d/tor stop
- [ -f ./torrc ] && cp ./torrc /etc/tor/torrc && rm ./torrc
- [ -f ./iptables-rules ] && iptables-restore < ./iptables-rules && rm ./iptables-rules
- [ -f ./ip6tables-rules ] && ip6tables-restore < ./ip6tables-rules && rm ./ip6tables-rules
- }
- start() {
- uid_owner_tor=${1:-tor}; id $uid_owner_tor || return 2
- [ ! -f ./torrc ] && cp /etc/tor/torrc ./torrc
- [ ! -f ./iptables-rules ] && iptables-save > ./iptables-rules
- [ ! -f ./ip6tables-rules ] && ip6tables-save > ./ip6tables-rules
- iptables -F; iptables -X; iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP
- ip6tables -F; ip6tables -X; ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP
- {
- for table in $TABLES; do
- iptables -t $table -F; iptables -t $table -X
- ip6tables -t $table -F; ip6tables -t $table -X
- for chain in $CHAINS; do
- iptables -t $table -P $chain ACCEPT
- ip6tables -t $table -P $chain ACCEPT
- done
- done
- } 2> /dev/null
- iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A INPUT -i lo -j ACCEPT
- iptables -A INPUT -j DROP
- iptables -A FORWARD -j DROP
- iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
- iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9053 -j ACCEPT
- iptables -A OUTPUT -p icmp -d 127.0.0.1 -j ACCEPT
- iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9040 -j ACCEPT
- iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 -j ACCEPT
- iptables -A OUTPUT -m owner --uid-owner $uid_owner_tor -j ACCEPT
- iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
- iptables -A OUTPUT -o lo -j ACCEPT
- for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
- iptables -A OUTPUT -d $iptables_special_addr -j DROP
- done
- iptables -A OUTPUT -j DROP
- ip6tables -A INPUT -j DROP
- ip6tables -A FORWARD -j DROP
- ip6tables -A OUTPUT -j DROP
- iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-port 9053
- iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-port 9053
- iptables -t nat -A OUTPUT -p udp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
- iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -j REDIRECT --to-port 9040
- iptables -t nat -A OUTPUT -m owner --uid-owner $uid_owner_tor -j RETURN
- iptables -t nat -A OUTPUT -o lo -j RETURN
- for iptables_special_addr in $IPTABLES_SPECIAL_ADDRS; do
- iptables -t nat -A OUTPUT -d $iptables_special_addr -j RETURN
- done
- iptables -t nat -A OUTPUT -p icmp -j REDIRECT --to-port 9040
- iptables -t nat -A OUTPUT -p udp -j REDIRECT --to-port 9040
- iptables -t nat -A OUTPUT -p tcp -j REDIRECT --to-port 9040
- {
- echo "DNSPort 127.0.0.1:9053"
- echo "AutomapHostsOnResolve 1"
- echo "AutomapHostsSuffixes .onion"
- echo
- echo "TransPort 127.0.0.1:9040"
- echo "VirtualAddrNetwork 10.192.0.0/10"
- echo
- echo "User $uid_owner_tor"
- echo "PIDFile /var/run/tor/tor.pid"
- echo "DataDirectory /var/lib/tor/data/"
- } > /etc/tor/torrc
- /etc/init.d/tor restart && echo "tcp: ok, udp: ok, icmp: ok, webrtc: ng"
- }
- case $1 in
- stop)
- stop
- ;;
- start)
- start $2
- ;;
- *)
- echo "$0 stop"
- echo "$0 start [debian-]tor"
- ;;
- esac
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
