
initial commit

ekardnam 5 years ago
commit
7a6c5c1f5a
1 changed files with 69 additions and 0 deletions
  1. 69 0
      anonymize.sh

+ 69 - 0
anonymize.sh

@@ -0,0 +1,69 @@
+#!/bin/bash
+
+TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
+TOR_UID="tor"
+TOR_PORT="9050"
+
+IPTABLES_BACKUP=/etc/network/iptables.rules
+
+function info {
+	echo "[+] $1"
+}
+
+function error {
+	echo "[!] $1"
+}
+
+function start {
+	info "Killing non TOR traffic"
+
+	if ! [ -f $IPTABLES_BACKUP ]; then
+	       	touch $IPTABLES_BACKUP
+	fi
+	iptables-save > $IPTABLES_BACKUP
+	info "Saved iptables rules"
+
+	iptables -F
+
+	info "Disabling IPv6"
+	sysctl -w net.ipv6.conf.default.disable_ipv6=1
+
+	for NET in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/8; do
+		iptables -A OUTPUT -d "$NET" -j ACCEPT
+	done
+
+	info "Allowing only TOR output"
+	iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
+	iptables -A OUTPUT -j REJECT
+}
+
+function stop {
+	info "Restoring"
+
+	iptables -F
+
+	if [ -f $IPTABLES_BACKUP ]; then
+		iptables-restore < $IPTABLES_BACKUP
+		rm $IPTABLES_BACKUP
+	fi
+
+	sysctl -w net.ipv6.conf.default.disable_ipv6=0
+
+    info "Done"
+}
+
+
+if [ $(id -u) -ne 0 ]; then
+	error "This script must be run as root"
+	exit 1
+fi
+
+
+case $1 in
+	start)
+		start
+	;;
+	stop)
+		stop
+	;;
+esac
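Review bot: IPv6 traffic can still leave outside Tor after `start`, because `sysctl -w net.ipv6.conf.default.disable_ipv6=1` only sets the default for interfaces created later, and the `iptables` rules added here filter IPv4 only. Interfaces that are already up keep their IPv6 addresses and routes. Add `sysctl -w net.ipv6.conf.all.disable_ipv6=1` in `start` with the matching `=0` in `stop`, and consider `ip6tables -A OUTPUT -j REJECT` as a second layer. Separately, the ACCEPT rules for the `TOR_EXCLUDE` ranges would let DNS queries to a resolver on the LAN (a home router, for example) go out in the clear if the system is configured that way. A comment on `TOR_EXCLUDE` noting this, or a rule rejecting port 53 to those ranges, would make the trade-off explicit.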