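#!/bin/sh
#
# Workstation hardening / setup script for a Debian buster desktop.
# Overwrites the following files with fixed content:
#   /etc/resolv.conf, /etc/tor/torrc, /etc/pulse/daemon.conf,
#   /etc/hosts.allow, /etc/hosts.deny, /etc/hosts,
#   /etc/network/if-pre-up.d/firewall,
#   /etc/apt/sources.list.d/backports.list
# and finally prints (does not run) the apt commands for the operator.
#
# Every target lives under /etc, so the script has to run as root.

if [ "$(id -u)" -ne 0 ]; then
  echo "this script must be run as root" >&2
  exit 1
fi

# --- DNS: resolve only through the local Tor DNSPort -------------------------
# The immutable attribute is cleared for the rewrite and set again afterwards,
# so the file cannot be modified again until the attribute is removed.
chattr -i /etc/resolv.conf
cat > /etc/resolv.conf <<'EOF'
nameserver 127.0.0.1
EOF
chattr +i /etc/resolv.conf

# --- Tor: local DNS resolver and transparent-proxy listener ------------------
# NOTE(review): TransPort and .onion automapping are configured here, but the
# firewall generated below contains no nat rule that sends TCP traffic to
# 127.0.0.1:9040. As written, only DNS goes through Tor; confirm that this is
# the intended design before relying on it for anonymity.
cat > /etc/tor/torrc <<'EOF'
DNSPort 127.0.0.1:9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort 127.0.0.1:9040
VirtualAddrNetwork 10.192.0.0/10
EOF

# --- PulseAudio daemon tuning (not security relevant) ------------------------
cat > /etc/pulse/daemon.conf <<'EOF'
high-priority = yes
nice-level = -10

realtime-scheduling = yes
realtime-priority = 6

default-sample-format = float32le
default-sample-rate = 192000
alternate-sample-rate = 192000
EOF
chmod 0644 /etc/pulse/daemon.conf
chown root:root /etc/pulse/daemon.conf

# --- TCP wrappers: default deny ----------------------------------------------
# hosts.allow is reduced to a single empty line, hosts.deny rejects everything.
# Both files are made immutable again after the rewrite.
chattr -i /etc/hosts.allow
echo > /etc/hosts.allow
chattr +i /etc/hosts.allow

chattr -i /etc/hosts.deny
cat > /etc/hosts.deny <<'EOF'
ALL:ALL
EOF
chattr +i /etc/hosts.deny

# --- Static hosts file (IPv4 only; the machine's hostname is "d") ------------
cat > /etc/hosts <<'EOF'
127.0.0.1 localhost
127.0.1.1 d
EOF

# --- Firewall, installed as an if-pre-up hook --------------------------------
# Policy of the generated script:
#   * default DROP on INPUT, FORWARD and OUTPUT, for IPv4 and IPv6
#   * inbound: loopback and ESTABLISHED traffic only (RELATED is not accepted)
#   * outbound: loopback, DNS to the Tor DNSPort, and new TCP connections to
#     port 443 only
#   * every outbound UDP/53 query is DNAT'ed to the Tor DNSPort
#   * IPv6 is dropped completely and then disabled through sysctl
# NOTE(review): the port-443 ACCEPT rule applies to every local user and every
# destination, so HTTPS traffic leaves the host directly rather than through
# Tor. "iptables -F" flushes only the filter table (nat is flushed separately);
# user-defined chains and the mangle/raw tables are left untouched.
cat > /etc/network/if-pre-up.d/firewall <<'EOF'
#!/bin/sh

iptables -F
iptables -P INPUT DROP; iptables -P FORWARD DROP; iptables -P OUTPUT DROP

iptables -A INPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP

iptables -A FORWARD -j DROP

iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

iptables -A OUTPUT -p tcp --dport 443 --syn -m state --state NEW -j ACCEPT
iptables -A OUTPUT -j DROP

iptables -t nat -F
iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination=127.0.0.1:9053

ip6tables -F
ip6tables -P INPUT DROP; ip6tables -P FORWARD DROP; ip6tables -P OUTPUT DROP

ip6tables -A INPUT -j DROP

ip6tables -A FORWARD -j DROP

ip6tables -A OUTPUT -j DROP

sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
EOF
chmod 0755 /etc/network/if-pre-up.d/firewall
chown root:root /etc/network/if-pre-up.d/firewall

# --- APT: buster-backports ---------------------------------------------------
# The firewall above only lets new outbound TCP connections reach port 443, so
# a plain http:// mirror (port 80) is unreachable once the firewall is active.
# The backports entries therefore use https://. This assumes ca-certificates
# is installed; package integrity still rests on APT's signature checks.
cat > /etc/apt/sources.list.d/backports.list <<'EOF'
deb https://deb.debian.org/debian/ buster-backports main
deb-src https://deb.debian.org/debian/ buster-backports main
EOF

# The remaining commands are only printed for the operator to review and run
# by hand; the script itself installs nothing.
echo apt update
echo apt install -t buster-backports mpv tor
echo apt install k3b htop xfburn neovim liferea gparted engrampa fcitx-mozc fonts-ipafont arc-theme papirus-icon-theme breeze-cursor-theme firefox-esr-l10n-ja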