
tor1

a guest Aug 26th, 2014 163 Never
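  #!/bin/sh
  # Tor-only egress firewall for Debian/Ubuntu based systems.
  #
  # Install: the file must be executable (chmod 755). The original author
  # registered it with `update-rc.d firewall defaults 20` and noted that this
  # is not the correct way to do it.
  #
  # Resulting policy:
  #   - INPUT, OUTPUT and FORWARD default to DROP.
  #   - Loopback TCP between local clients and the proxy/Tor port range is
  #     allowed.
  #   - Only the debian-tor account may open TCP connections on the
  #     Ethernet-type interfaces; replies come back via ESTABLISHED,RELATED.
  #
  # NOTE(review): iptables filters IPv4 only. Nothing here touches IPv6, so on
  # a host with IPv6 connectivity traffic can leave without going through Tor.
  # Apply an equivalent ip6tables policy (or disable IPv6) if Tor-only egress
  # is the goal.
  # NOTE(review): `iptables -F` flushes the filter table only; rules in other
  # tables (nat, mangle) and user-defined chains are left as they were.

  set -u

  # Local account allowed to reach the proxies over loopback. Export FW_USER to
  # override; the default keeps the placeholder from the original script.
  FW_USER="${FW_USER:-test2}"

  failures=0

  # Run one iptables command. A failure is reported on stderr and counted, but
  # the script keeps going so that one bad rule (for example an account that
  # does not exist) does not leave the remaining rules unapplied.
  rule() {
    if ! iptables "$@"; then
      printf 'firewall: failed: iptables %s\n' "$*" >&2
      failures=$((failures + 1))
    fi
  }

  if [ "$(id -u)" -ne 0 ]; then
    printf 'firewall: must be run as root\n' >&2
    exit 1
  fi

  # Default-deny first, then flush: the chains are never empty while the
  # policy is ACCEPT. FORWARD is dropped as well; the original left it at
  # ACCEPT, which would let forwarded traffic (VMs, containers, routed hosts)
  # bypass the Tor-only OUTPUT rules.
  rule -P INPUT DROP
  rule -P OUTPUT DROP
  rule -P FORWARD DROP
  rule -F

  # Allow local clients to reach Tor and the HTTP proxy over loopback.
  # The range 8118:9050 also covers every port between the two endpoints, and
  # the 1:65000 range leaves out ports 65001-65535; both are kept as written.
  rule -I INPUT -i lo -p tcp --sport 1:65000 --dport 8118:9050 -j ACCEPT
  rule -A OUTPUT -o lo -p tcp --sport 8118:9050 --dport 1:65000 -j ACCEPT

  # Per-account loopback access. `-o lo` restricts these rules to the loopback
  # interface, so they do NOT let these accounts send anything out over
  # Ethernet. The original comment mentions polipo while the rule names the
  # privoxy account; use the account of the proxy actually installed.
  for account in "$FW_USER" root privoxy; do
    rule -A OUTPUT -o lo -p tcp -m owner --uid-owner "$account" -j ACCEPT
  done

  # UDP appears not to be needed:
  # iptables -A OUTPUT -p udp -j ACCEPT -o lo -m owner --uid-owner debian-tor

  # Accept replies to connections this host opened. Added once, not once per
  # interface as before, so the chain does not fill with duplicate rules.
  rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

  # Let the Tor daemon (and nothing else) out on every Ethernet-type
  # interface. The link type is read from sysfs, where 1 is ARPHRD_ETHER
  # (wired and wireless alike), rather than parsed from ifconfig output, whose
  # format differs between net-tools versions and locales.
  tor_devices=0
  for netdir in /sys/class/net/*; do
    [ -r "$netdir/type" ] || continue
    read -r linktype < "$netdir/type" || continue
    [ "$linktype" = "1" ] || continue
    device=${netdir##*/}
    rule -A OUTPUT -o "$device" -p tcp -m owner --uid-owner debian-tor -j ACCEPT
    tor_devices=$((tor_devices + 1))
  done

  if [ "$tor_devices" -eq 0 ]; then
    printf 'firewall: no Ethernet-type interface found; Tor has no way out\n' >&2
  fi

  [ "$failures" -eq 0 ] || exit 1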