#!/bin/sh

# Pin the system resolver to the local listener on 127.0.0.1.
# The immutable attribute is cleared for the rewrite and set again afterwards
# so that other programs cannot silently replace the resolver configuration.
# NOTE(review): no exit status is checked here; if the write fails the file is
# still re-locked with whatever content it had — confirm that is acceptable.
chattr -i /etc/resolv.conf
printf '%s\n' 'nameserver 127.0.0.1' > /etc/resolv.conf
chattr +i /etc/resolv.conf

# Replace /etc/tor/torrc wholesale (any previous settings are discarded).
#   DNSPort                - local DNS listener on 127.0.0.1:9053
#   AutomapHosts*          - map .onion names to addresses from
#                            VirtualAddrNetwork when they are resolved
#   TransPort              - transparent-proxy listener on 127.0.0.1:9040
# NOTE(review): nothing in this script redirects TCP traffic to the TransPort,
# so the automapped 10.192.0.0/10 addresses appear unreachable as written —
# confirm whether a redirect rule is expected elsewhere.
cat > /etc/tor/torrc <<'EOF'
DNSPort 127.0.0.1:9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort 127.0.0.1:9040
VirtualAddrNetwork 10.192.0.0/10
EOF

# Replace the system-wide PulseAudio daemon configuration: raised scheduling
# priority plus a fixed float32le / 192 kHz sample format.
cat > /etc/pulse/daemon.conf <<'EOF'
high-priority = yes
nice-level = -10

realtime-scheduling = yes
realtime-priority = 6

default-sample-format = float32le
default-sample-rate = 192000
alternate-sample-rate = 192000
EOF
# The file is world-readable but writable only by root.
chown root:root /etc/pulse/daemon.conf
chmod 0644 /etc/pulse/daemon.conf

# Empty the hosts.allow list (the file ends up holding a single blank line),
# then lock it with the immutable attribute so it cannot be edited in place.
chattr -i /etc/hosts.allow
printf '\n' > /etc/hosts.allow
chattr +i /etc/hosts.allow

# Deny every service to every client in hosts.deny, then lock the file.
# Combined with the emptied hosts.allow this is a default-deny policy.
# NOTE(review): these files only affect services that consult them
# (TCP wrappers); the packet filter remains the primary control.
chattr -i /etc/hosts.deny
printf '%s\n' 'ALL:ALL' > /etc/hosts.deny
chattr +i /etc/hosts.deny

# Rewrite /etc/hosts with only the loopback name and the machine's own
# hostname entry ("d"). Fields are separated by a single space, matching what
# the unquoted echo arguments produced.
# NOTE(review): unlike resolv.conf and hosts.allow/deny, this file is not made
# immutable — confirm that is intentional.
printf '%s\n' \
  '127.0.0.1 localhost' \
  '127.0.1.1 d' \
  > /etc/hosts

# Generate the packet-filter script that ifupdown runs before an interface is
# brought up. The quoted here-document delimiter keeps the text literal.
#
# Policy written into the generated script:
#   - filter table flushed, then INPUT/FORWARD/OUTPUT default to DROP
#   - INPUT:  established connections and loopback only
#   - OUTPUT: established connections, loopback, the local DNS listener on
#             udp/9053, and NEW tcp connections to port 443
#   - nat:    outbound udp/53 is rewritten to 127.0.0.1:9053
#   - IPv6:   everything dropped, then IPv6 disabled via sysctl
#
# NOTE(review): the tcp/443 rule is not restricted to a particular local user
# (no owner match), so any process may open direct HTTPS connections; only DNS
# is steered to the local resolver port. If the intent is that all traffic
# leaves through Tor, this rule needs tightening — confirm intent.
# NOTE(review): DNS over tcp/53 is neither redirected nor accepted, so it is
# dropped by the final OUTPUT rule.
# NOTE(review): only ESTABLISHED is accepted (not RELATED), so ICMP errors
# tied to existing connections are dropped — confirm this is wanted.
cat > /etc/network/if-pre-up.d/firewall <<'EOF'
#!/bin/sh

iptables -F
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP

iptables -A FORWARD -j DROP

iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
iptables -A OUTPUT -j DROP

iptables -t nat -F
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination=127.0.0.1:9053

ip6tables -F
ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP

ip6tables -A INPUT -j DROP

ip6tables -A FORWARD -j DROP

ip6tables -A OUTPUT -j DROP

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
EOF
# The hook must be executable to run, and only root may modify it.
chown root:root /etc/network/if-pre-up.d/firewall
chmod 0755 /etc/network/if-pre-up.d/firewall

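# Register the buster-backports suite as an additional APT source.
# The mirror is addressed over https because the firewall hook generated by
# this script accepts new outbound TCP connections to port 443 only; a plain
# http source (port 80) would be dropped once that hook is active. HTTPS also
# keeps package requests from being readable or altered in transit, in
# addition to APT's own signature verification.
# NOTE(review): https sources need CA certificates installed on the host, and
# buster is an old release — confirm this suite is still served by this mirror.
cat > /etc/apt/sources.list.d/backports.list <<'EOF'
deb https://deb.debian.org/debian/ buster-backports main
deb-src https://deb.debian.org/debian/ buster-backports main
EOF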

# Print the follow-up package commands to stdout. They are only displayed,
# not executed; the operator is expected to run them by hand.
printf '%s\n' \
  'apt update' \
  'apt install -t buster-backports mpv tor' \
  'apt install k3b htop xfburn neovim liferea gparted engrampa fcitx-mozc fonts-ipafont arc-theme papirus-icon-theme breeze-cursor-theme firefox-esr-l10n-ja'