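#!/usr/bin/env bash
#
# firewall.sh version 0.16.8
#
# Forces this host's outbound IPv4 traffic through the local Tor daemon
# (transparent proxy): UDP/53 is redirected to Tor's DNSPort, new TCP
# connections to its TransPort, a short clearnet allow-list is let through
# directly on port 443, and everything else is dropped.  IPv6 is blocked
# entirely.  Finally /etc/tor/torrc is rewritten to match and tor restarted.
#
# Must run as root.  Overwrites /etc/tor/torrc in full.

set -euo pipefail

# Tor listener ports and the virtual network it maps .onion names into.
# Defined once so the iptables rules and the generated torrc cannot drift.
readonly DNS_PORT=9053
readonly TRANS_PORT=9040
readonly VIRTUAL_NET='10.192.0.0/10'
readonly TOR_USER='debian-tor'
readonly TORRC='/etc/tor/torrc'

# Clearnet traffic: destinations that bypass Tor (HTTPS only).
# Intended to cover: www.nicovideo.jp www.amazon.co.jp www.youtube.com www.google.com
readonly -a CLEARNET=(
  133.0.0.0/8
  13.224.0.0/14
  142.250.0.0/15
  172.217.0.0/16
)

# Special-purpose / non-routable ranges: never handed to Tor, dropped instead.
# (Original author's note on the rules: matching --syn is a courtesy,
# matching --state NEW is the hardening.)
readonly -a SPECIAL=(
  255.255.255.255/32
  240.0.0.0/4
  233.252.0.0/24
  224.0.0.0/4
  203.0.113.0/24
  198.51.100.0/24
  198.18.0.0/15
  192.168.0.0/16
  192.88.99.0/24
  192.0.2.0/24
  192.0.0.0/24
  172.16.0.0/12
  169.254.0.0/16
  127.0.0.0/8
  100.64.0.0/10
  10.0.0.0/8
  0.0.0.0/8
)

# Print a message to stderr and exit non-zero.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# nat/OUTPUT: redirect DNS and new TCP connections into Tor.
# First matching rule wins, so the order below is significant.
# Globals:  CLEARNET, SPECIAL, DNS_PORT, TRANS_PORT, VIRTUAL_NET, TOR_USER
# Returns:  non-zero (via set -e) if any iptables call fails
#######################################
configure_nat() {
  iptables -t nat -F

  # Tor's own traffic is exempt and goes first, so that nothing the tor
  # user sends -- including UDP/53 -- can be looped back into Tor itself.
  iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_USER" -j RETURN

  # DNS -> Tor DNSPort; the virtual .onion network -> Tor TransPort.
  iptables -t nat -A OUTPUT -p udp --dport 53 \
    -j DNAT --to-destination "127.0.0.1:${DNS_PORT}"
  iptables -t nat -A OUTPUT -p tcp -d "$VIRTUAL_NET" --syn \
    -j DNAT --to-destination "127.0.0.1:${TRANS_PORT}"

  # Loopback exemption stays *after* the two redirects above (original
  # ordering): a resolver pointed at 127.0.0.1:53 is still sent to DNSPort.
  iptables -t nat -A OUTPUT -o lo -j RETURN

  local net
  for net in "${CLEARNET[@]}"; do
    iptables -t nat -A OUTPUT -d "$net" -j RETURN
  done
  for net in "${SPECIAL[@]}"; do
    iptables -t nat -A OUTPUT -d "$net" -j RETURN
  done

  # Every other new TCP connection is transparently proxied.
  iptables -t nat -A OUTPUT -p tcp --syn \
    -j DNAT --to-destination "127.0.0.1:${TRANS_PORT}"

  iptables -t nat -nvL
}

#######################################
# filter: default-deny on all chains; only Tor, loopback, the Tor
# listeners and the clearnet allow-list may open connections.
# Policies are set to DROP *before* flushing so there is no fail-open
# window while the rule set is being rebuilt.
# Globals:  CLEARNET, SPECIAL, DNS_PORT, TRANS_PORT, TOR_USER
#######################################
configure_filter() {
  iptables -P INPUT DROP
  iptables -P FORWARD DROP
  iptables -P OUTPUT DROP
  iptables -F

  iptables -A INPUT -m state --state INVALID -j DROP
  iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
  iptables -A INPUT -i lo -j ACCEPT
  iptables -A INPUT -j DROP

  iptables -A FORWARD -j DROP

  iptables -A OUTPUT -m state --state INVALID -j DROP
  iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

  # Traffic that nat/OUTPUT redirected into Tor's listeners.
  iptables -A OUTPUT -p udp -d 127.0.0.1 --dport "$DNS_PORT" -j ACCEPT
  iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport "$TRANS_PORT" --syn -j ACCEPT

  # Tor itself may open new connections; anything else on loopback is fine.
  iptables -A OUTPUT -p tcp -m owner --uid-owner "$TOR_USER" \
    -m state --state NEW --syn -j ACCEPT
  iptables -A OUTPUT -o lo -j ACCEPT

  # Clearnet allow-list: HTTPS only.
  local net
  for net in "${CLEARNET[@]}"; do
    iptables -A OUTPUT -p tcp -d "$net" --dport 443 --syn -j ACCEPT
  done
  # Special-purpose ranges are dropped explicitly so they never leak out.
  for net in "${SPECIAL[@]}"; do
    iptables -A OUTPUT -d "$net" -j DROP
  done

  iptables -A OUTPUT -j DROP

  iptables -nvL
}

#######################################
# IPv6 is not proxied, so it is blocked completely (policy DROP first,
# then an explicit DROP rule on every chain).
#######################################
configure_ip6() {
  ip6tables -P INPUT DROP
  ip6tables -P FORWARD DROP
  ip6tables -P OUTPUT DROP
  ip6tables -F

  ip6tables -A INPUT -j DROP
  ip6tables -A FORWARD -j DROP
  ip6tables -A OUTPUT -j DROP

  ip6tables -nvL
}

#######################################
# Rewrite torrc to match the redirect targets above and restart tor.
# NOTE: the whole file is replaced; any other torrc settings are lost.
# Globals:  TORRC, DNS_PORT, TRANS_PORT, VIRTUAL_NET
#######################################
write_torrc() {
  cat > "$TORRC" <<EOF
DNSPort 127.0.0.1:${DNS_PORT}
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort 127.0.0.1:${TRANS_PORT}
VirtualAddrNetwork ${VIRTUAL_NET}
EOF
  systemctl restart tor
}

main() {
  (( EUID == 0 )) || die "$0: must be run as root"
  command -v iptables >/dev/null || die "$0: iptables not found"
  command -v ip6tables >/dev/null || die "$0: ip6tables not found"

  configure_nat
  configure_filter
  configure_ip6
  write_torrc

  printf '%s version 0.16.8\n' "$0"
}

main "$@"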