#!/bin/sh

# Destinations that are dropped in the filter OUTPUT chain and exempted
# from the Tor DNAT in the nat OUTPUT chain: RFC 1918 private nets, CGNAT
# (RFC 6598), loopback, link-local, the IETF documentation and benchmark
# nets, 6to4 relay anycast, multicast, class E and the limited-broadcast
# address. Note that the VirtualAddrNetwork used below (10.192.0.0/10) lies
# inside 10.0.0.0/8, so the rules that consume this list must place the
# VirtualAddrNetwork DNAT ahead of the 10.0.0.0/8 RETURN.
# One range per line; word-splitting on the default IFS yields the list.
IPTABLE_ADDRS='255.255.255.255
240.0.0.0/4
224.0.0.0/4
203.0.113.0/24
198.51.100.0/24
198.18.0.0/15
192.168.0.0/16
192.88.99.0/24
192.0.2.0/24
192.0.0.0/24
172.16.0.0/12
169.254.0.0/16
127.0.0.0/8
100.64.0.0/10
10.0.0.0/8
0.0.0.0/8'

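# Tear the transparent-proxy firewall down: flush the filter and nat tables
# and restore ACCEPT policies. start() also sets the ip6tables policies to
# DROP, so they are reset here as well; without this, "stop" reopened IPv4
# but left IPv6 black-holed until the next reboot.
# Requires root (CAP_NET_ADMIN). Does not touch the tor daemon; the caller
# stops it after the rules are gone.
stop() {
	iptables -F
	iptables -t nat -F
	iptables -P INPUT ACCEPT; iptables -P FORWARD ACCEPT; iptables -P OUTPUT ACCEPT

	# Mirror of the IPv6 lockdown in start().
	ip6tables -F
	ip6tables -P INPUT ACCEPT; ip6tables -P FORWARD ACCEPT; ip6tables -P OUTPUT ACCEPT
}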

# Install a fail-closed transparent Tor proxy and write the matching torrc.
#
# The rule order is deliberate:
#   1. all policies go to DROP *before* any ACCEPT rule is appended, so
#      nothing leaks while the rule set is being built;
#   2. in nat OUTPUT the DNAT for the VirtualAddrNetwork (10.192.0.0/10)
#      precedes the RETURN for 10.0.0.0/8 from IPTABLE_ADDRS, otherwise
#      automapped .onion addresses would never reach TransPort;
#   3. nat OUTPUT is evaluated before filter OUTPUT for locally generated
#      packets, which is why the filter chain only needs to accept traffic
#      whose destination has already been rewritten to 127.0.0.1:9053 (DNS)
#      or 127.0.0.1:9040 (TCP).
#
# Only the debian-tor uid may open new outbound TCP connections directly.
# Everyone else has UDP/53 redirected to Tor's DNSPort and TCP SYNs to
# TransPort; any other protocol (non-DNS UDP, ICMP, all of IPv6) is dropped.
#
# Caveats:
#   - /etc/tor/torrc is overwritten wholesale; operator settings already in
#     that file are lost.
#   - if the debian-tor user does not exist, the --uid-owner rules fail to
#     load and Tor itself cannot reach the network (fail-closed, but easy
#     to misdiagnose).
#   - only the ip6tables filter table is flushed; this script never
#     populates the IPv6 nat/mangle tables.
# Requires root.
start() {
	# Clean slate, everything denied by default.
	iptables -F
	iptables -t nat -F
	iptables -P INPUT DROP
	iptables -P FORWARD DROP
	iptables -P OUTPUT DROP

	# Inbound: replies to our own connections and loopback only.
	iptables -A INPUT -m state --state INVALID -j DROP
	iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
	iptables -A INPUT -i lo -j ACCEPT
	iptables -A INPUT -j DROP

	# This host does not forward.
	iptables -A FORWARD -j DROP

	# Outbound filter chain, in evaluation order.
	iptables -A OUTPUT -m state --state INVALID -j DROP
	iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

	# Packets already DNATed to Tor's DNSPort / TransPort by the nat rules.
	iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -j ACCEPT
	iptables -A OUTPUT -p tcp --syn -d 127.0.0.1 --dport 9040 -j ACCEPT

	# Tor itself may open TCP connections anywhere; this sits above the
	# bogon DROPs so Tor is not affected by them.
	iptables -A OUTPUT -p tcp --syn -m owner --uid-owner debian-tor -m state --state NEW -j ACCEPT
	iptables -A OUTPUT -o lo -j ACCEPT

	# Private / non-routable destinations are dropped rather than proxied.
	for range in $IPTABLE_ADDRS; do
		iptables -A OUTPUT -d "$range" -j DROP
	done

	iptables -A OUTPUT -j DROP

	# nat OUTPUT: rewrite destinations before the filter chain sees them.
	# All UDP DNS, from any uid and to any destination (loopback included),
	# is sent to DNSPort.
	iptables -t nat -A OUTPUT -p udp --dport 53 -j DNAT --to-destination='127.0.0.1:9053'
	# Automapped .onion addresses live in VirtualAddrNetwork; this must
	# precede the 10.0.0.0/8 RETURN generated from IPTABLE_ADDRS below.
	iptables -t nat -A OUTPUT -p tcp --syn -d 10.192.0.0/10 -j DNAT --to-destination='127.0.0.1:9040'

	# Exempt Tor's own connections and loopback from the catch-all DNAT.
	iptables -t nat -A OUTPUT -p tcp --syn -m owner --uid-owner debian-tor -j RETURN
	iptables -t nat -A OUTPUT -o lo -j RETURN

	# Exempt the bogon ranges too; the filter chain drops them instead.
	for range in $IPTABLE_ADDRS; do
		iptables -t nat -A OUTPUT -d "$range" -j RETURN
	done

	# Every other new TCP connection goes through TransPort.
	iptables -t nat -A OUTPUT -p tcp --syn -j DNAT --to-destination='127.0.0.1:9040'

	# No IPv6 proxying is configured, so block IPv6 outright rather than
	# let it bypass the IPv4 rules.
	ip6tables -F
	ip6tables -P INPUT DROP
	ip6tables -P FORWARD DROP
	ip6tables -P OUTPUT DROP
	ip6tables -A INPUT -j DROP
	ip6tables -A FORWARD -j DROP
	ip6tables -A OUTPUT -j DROP

	# Tor configuration matching the ports and virtual network used above.
	# Overwrites the whole file (see caveats in the header comment).
	cat > /etc/tor/torrc <<EOF
DNSPort 127.0.0.1:9053
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion

TransPort 127.0.0.1:9040
VirtualAddrNetwork 10.192.0.0/10
EOF
}

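# Entry point. "start" installs the rules first and only then restarts tor,
# so the window while tor comes up is fail-closed; "stop" reopens the
# firewall and then stops tor. Both arms dump the resulting rule sets so the
# operator can eyeball them. Any other argument prints usage on stderr and
# exits non-zero, so a typo in a wrapper cannot pass for success.
# Must be run as root (iptables, /etc/tor/torrc and systemctl all need it).
case "$1" in
	stop)
		stop
		systemctl stop tor
		iptables -nvL; iptables -t nat -nvL
	;;
	start)
		start
		systemctl restart tor
		iptables -nvL; iptables -t nat -nvL
	;;
	*)
		# $0 is quoted so a script path containing spaces is shown intact.
		printf 'usage: sudo %s stop\n       sudo %s start\n' "$0" "$0" >&2
		exit 2
	;;
esac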