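#!/bin/bash
#
# Force outbound IPv4 traffic through the local Tor daemon using iptables.
#
# Usage: <script> start | stop      (must be run as root)
#
#   start  saves the current iptables rules to IPTABLES_BACKUP, flushes the
#          filter table, disables IPv6 via sysctl and then allows OUTPUT only
#          to the networks in TOR_EXCLUDE, to loopback, and for packets owned
#          by the TOR_UID user; everything else is REJECTed.
#   stop   flushes the filter table, restores the saved rules, removes the
#          backup and re-enables IPv6.
#
# Scope: only the IPv4 filter table is touched. IPv6 is switched off at the
# kernel level rather than filtered with ip6tables, and none of this persists
# across a reboot.

set -u

# Destination networks that may still be reached directly, not via Tor.
TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
# System user the Tor daemon runs as; its packets are the only ones let out.
TOR_UID="tor"
# Not used by this script; kept so callers that rely on the name still work.
# shellcheck disable=SC2034
TOR_PORT="9050"
# Where 'start' saves the pre-existing rules and where 'stop' reads them back.
IPTABLES_BACKUP=/etc/network/iptables.rules

#######################################
# Print an informational message to stdout.
# Arguments: $1 - message
#######################################
info() {
  printf '[+] %s\n' "$1"
}

#######################################
# Print an error message to stderr.
# Arguments: $1 - message
#######################################
error() {
  printf '[!] %s\n' "$1" >&2
}

#######################################
# Print usage to stderr and exit with status 2.
#######################################
usage() {
  printf 'Usage: %s start|stop\n' "${0##*/}" >&2
  exit 2
}

#######################################
# Save the current rules, then replace them with the Tor-only rule set.
# Globals:  TOR_EXCLUDE, TOR_UID, IPTABLES_BACKUP (read)
# Returns:  exits 1 if the Tor user does not exist or the backup cannot
#           be written; the firewall is left untouched in both cases.
#######################################
start() {
  local net

  # Check the owner match can work before anything is flushed, so a typo in
  # TOR_UID does not leave the host with a half-applied rule set.
  if ! id "$TOR_UID" >/dev/null 2>&1; then
    error "User '$TOR_UID' does not exist; cannot restrict output to it"
    exit 1
  fi

  info "Killing non TOR traffic"

  # An existing backup belongs to an earlier 'start' that was not followed
  # by 'stop'. Overwriting it would replace the original rules with the
  # Tor-only rule set, so the existing file is kept.
  if [[ -f "$IPTABLES_BACKUP" ]]; then
    info "Backup $IPTABLES_BACKUP already exists; keeping it"
  else
    if ! iptables-save > "$IPTABLES_BACKUP"; then
      # Do not leave a partial file behind that 'stop' would later restore.
      rm -f -- "$IPTABLES_BACKUP"
      error "Could not save current iptables rules to $IPTABLES_BACKUP"
      exit 1
    fi
    info "Saved iptables rules"
  fi

  # Flushes every chain of the filter table (INPUT and FORWARD included),
  # not just OUTPUT; chain policies are left as they were. Between this
  # flush and the final REJECT rule below, outbound traffic is briefly
  # unfiltered.
  iptables -F

  info "Disabling IPv6"
  # 'default' only applies to interfaces created later; 'all' is needed for
  # the interfaces that are already up.
  sysctl -w net.ipv6.conf.all.disable_ipv6=1
  sysctl -w net.ipv6.conf.default.disable_ipv6=1

  # Word-splitting of TOR_EXCLUDE is intentional: it is a space-separated list.
  for net in $TOR_EXCLUDE 127.0.0.0/8; do
    iptables -A OUTPUT -d "$net" -j ACCEPT
  done

  info "Allowing only TOR output"
  iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
  iptables -A OUTPUT -j REJECT
}

#######################################
# Flush the Tor-only rule set and restore the saved rules.
# Globals:  IPTABLES_BACKUP (read)
# Returns:  0; problems are reported on stderr and the backup is kept if
#           it could not be restored.
#######################################
stop() {
  info "Restoring"
  iptables -F
  if [[ -f "$IPTABLES_BACKUP" ]]; then
    if iptables-restore < "$IPTABLES_BACKUP"; then
      rm -f -- "$IPTABLES_BACKUP"
    else
      # The filter table is already flushed at this point; keep the file so
      # the original rules are not lost.
      error "Could not restore rules from $IPTABLES_BACKUP; file kept"
    fi
  else
    error "No backup at $IPTABLES_BACKUP; filter table flushed, nothing restored"
  fi
  # Undo both sysctls set by 'start'.
  sysctl -w net.ipv6.conf.all.disable_ipv6=0
  sysctl -w net.ipv6.conf.default.disable_ipv6=0
  info "Done"
}

if (( EUID != 0 )); then
  error "This script must be run as root"
  exit 1
fi

# ${1:-} keeps 'set -u' from tripping when no argument is given.
case "${1:-}" in
  start) start ;;
  stop) stop ;;
  *) usage ;;
esac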