tor1

a guest, Aug 26th, 2014
#!/bin/sh
# This needs to be chmod'd 755.
# update-rc.d firewall defaults 20 (not the correct way to do this)
# Script works with Ubuntu/Debian-based systems.

# Flush the filter table and reset the default policies.
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# Default-deny inbound and outbound traffic (FORWARD stays at ACCEPT).
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# Allow Tor and Polipo access to loopback.
# 8118:9050 is a port range (every port from 8118 through 9050), not two ports.
iptables -I INPUT -j ACCEPT -i lo -p tcp --dport 8118:9050 --sport 1:65000
iptables -A OUTPUT -j ACCEPT -o lo -p tcp --dport 1:65000 --sport 8118:9050

# Does this allow the user and Polipo to send data out to Ethernet too?
# The "-o lo" match limits these three rules to loopback traffic.
# Use your own username instead of test2.
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner test2 -o lo
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner root -o lo
iptables -A OUTPUT -p tcp -j ACCEPT -m owner --uid-owner privoxy -o lo

# UDP appears not to be needed.
#iptables -A OUTPUT -p udp -j ACCEPT -o lo -m owner --uid-owner debian-tor

# Loop through all Ethernet devices and allow Tor out; one should be the right
# one unless you are using wifi, although I think this works with wifi too.
NETDEVICES=$(ifconfig -a | grep Ethernet | cut -d' ' -f 1 | xargs)

for DEVICE in $NETDEVICES
do
        # Only the debian-tor user may open TCP connections on this device.
        iptables -A OUTPUT -p tcp -j ACCEPT -o "$DEVICE" -m owner --uid-owner debian-tor
done

# Accept replies to connections that were allowed out. This rule is not
# per-device, so it is added once here instead of once per loop iteration.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
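
One way to check that the loaded rules only let Tor off the machine, as an added example that is not part of the original paste: it reads `iptables -S` output and flags a non-DROP OUTPUT policy and any OUTPUT ACCEPT rule that is neither pinned to loopback nor restricted to the Tor uid. The function names, the sample rule listings and uid 106 for debian-tor are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit `iptables -S` text for egress rules that bypass Tor.
# Live use: iptables -S | audit_tor_egress "$(id -u debian-tor)"
# Prints one line per finding; returns 0 when clean, 1 otherwise.
audit_tor_egress() {
    awk -v uid="$1" '
        BEGIN { bad = 0 }
        # The default OUTPUT policy must be DROP.
        $1 == "-P" && $2 == "OUTPUT" && $3 != "DROP" {
            print "policy: OUTPUT default is " $3; bad = 1
        }
        # Every ACCEPT that is not pinned to loopback must match the Tor uid.
        $1 == "-A" && $2 == "OUTPUT" && / -j ACCEPT/ {
            out = ""; owner = ""
            for (i = 3; i < NF; i++) {
                if ($(i - 1) == "!") continue      # negated match: not a pin
                if ($i == "-o") out = $(i + 1)
                if ($i == "--uid-owner") owner = $(i + 1)
            }
            if (out != "lo" && owner != uid) { print "leak: " $0; bad = 1 }
        }
        END { exit bad }
    '
}

# Constructed sample: rules as the script above loads them (debian-tor = 106).
sample_rules_ok() {
    cat <<'EOF'
-P INPUT DROP
-P FORWARD ACCEPT
-P OUTPUT DROP
-A INPUT -i lo -p tcp -m tcp --sport 1:65000 --dport 8118:9050 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -p tcp -m tcp --sport 8118:9050 --dport 1:65000 -j ACCEPT
-A OUTPUT -o lo -p tcp -m owner --uid-owner 1000 -j ACCEPT
-A OUTPUT -o eth0 -p tcp -m owner --uid-owner 106 -j ACCEPT
EOF
}

# Constructed sample: the same rules plus two mistakes a later edit could add.
sample_rules_leaky() {
    sample_rules_ok
    cat <<'EOF'
-A OUTPUT -p tcp -m owner --uid-owner 1000 -j ACCEPT
-A OUTPUT -o eth0 -p udp -m udp --dport 53 -j ACCEPT
EOF
}

sample_rules_leaky | audit_tor_egress 106 || echo "egress rules bypass Tor"
```

`iptables -S` prints owner matches as numeric uids, which is why the function takes the uid rather than the user name.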