|
@@ -0,0 +1,69 @@
|
|
|
+#!/bin/bash
|
|
|
+
|
|
|
+TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
|
|
|
+TOR_UID="tor"
|
|
|
+TOR_PORT="9050"
|
|
|
+
|
|
|
+IPTABLES_BACKUP=/etc/network/iptables.rules
|
|
|
+
|
|
|
+function info {
|
|
|
+ echo "[+] $1"
|
|
|
+}
|
|
|
+
|
|
|
+function error {
|
|
|
+ echo "[!] $1"
|
|
|
+}
|
|
|
+
|
|
|
+function start {
|
|
|
+ info "Killing non TOR traffic"
|
|
|
+
|
|
|
+ if ! [ -f $IPTABLES_BACKUP ]; then
|
|
|
+ touch $IPTABLES_BACKUP
|
|
|
+ fi
|
|
|
+ iptables-save > $IPTABLES_BACKUP
|
|
|
+ info "Saved iptables rules"
|
|
|
+
|
|
|
+ iptables -F
|
|
|
+
|
|
|
+ info "Disabling IPv6"
|
|
|
+ sysctl -w net.ipv6.conf.default.disable_ipv6=1
|
|
|
+
|
|
|
+ for NET in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/8; do
|
|
|
+ iptables -A OUTPUT -d "$NET" -j ACCEPT
|
|
|
+ done
|
|
|
+
|
|
|
+ info "Allowing only TOR output"
|
|
|
+ iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
|
|
|
+ iptables -A OUTPUT -j REJECT
|
|
|
+}
|
|
|
+
|
|
|
+function stop {
|
|
|
+ info "Restoring"
|
|
|
+
|
|
|
+ iptables -F
|
|
|
+
|
|
|
+ if [ -f $IPTABLES_BACKUP ]; then
|
|
|
+ iptables-restore < $IPTABLES_BACKUP
|
|
|
+ rm $IPTABLES_BACKUP
|
|
|
+ fi
|
|
|
+
|
|
|
+ sysctl -w net.ipv6.conf.default.disable_ipv6=0
|
|
|
+
|
|
|
+ info "Done"
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+if [ $(id -u) -ne 0 ]; then
|
|
|
+ error "This script must be run as root"
|
|
|
+ exit 1
|
|
|
+fi
|
|
|
+
|
|
|
+
|
|
|
+case $1 in
|
|
|
+ start)
|
|
|
+ start
|
|
|
+ ;;
|
|
|
+ stop)
|
|
|
+ stop
|
|
|
+ ;;
|
|
|
+esac
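Review bot: IPv6 traffic on interfaces that already exist is not blocked by `start`: `net.ipv6.conf.default.disable_ipv6=1` only affects interfaces created after the sysctl runs, and the `iptables` rules are IPv4-only, so the "only TOR output" guarantee does not hold for IPv6; add `sysctl -w net.ipv6.conf.all.disable_ipv6=1` next to the existing line (and reset it in `stop`), or add a matching `ip6tables -A OUTPUT -j REJECT` rule. Separately, `iptables-save > $IPTABLES_BACKUP` overwrites an existing backup unconditionally, so running `start` twice makes `stop` "restore" the lockdown rules instead of the original ones; the `touch` guard above it is redundant because the redirect creates the file, and the whole block can become `[ -f "$IPTABLES_BACKUP" ] || iptables-save > "$IPTABLES_BACKUP"` (or refuse to start while a backup is present). The expansions of `$IPTABLES_BACKUP`, `$TOR_UID` and the `case $1` selector are unquoted, and there is no `*)` arm, so a missing or misspelled argument silently does nothing; a `*) error "Usage: $0 start|stop"; exit 1 ;;` arm would make that visible.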
|