#!/bin/bash
# Force outbound traffic through the local Tor daemon: every OUTPUT packet
# not owned by the Tor user is rejected (see start/stop below).

# Destination networks that remain directly reachable (RFC 1918 ranges).
# Space separated on purpose: the start function word-splits this value.
readonly TOR_EXCLUDE="192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
# System user the Tor daemon runs as; matched by the iptables owner module.
readonly TOR_UID="tor"
# Tor SOCKS port. NOTE(review): not referenced anywhere in this script.
readonly TOR_PORT="9050"
# Where start saves the pre-existing ruleset and where stop reads it back.
readonly IPTABLES_BACKUP=/etc/network/iptables.rules
# Print a progress message, prefixed with "[+]", to stdout.
# Arguments: $1 - message text
info() {
  printf '[+] %s\n' "$1"
}
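# Print an error message, prefixed with "[!]", to stderr so that diagnostics
# are not mixed into stdout (previously this wrote to stdout).
# Arguments: $1 - message text
error() {
  printf '[!] %s\n' "$1" >&2
}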
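#######################################
# Lock outbound IPv4 traffic down to the Tor user.
# Globals:   TOR_EXCLUDE, TOR_UID, IPTABLES_BACKUP (read)
# Outputs:   progress via info (stdout), failures via error (stderr)
# Returns:   0 on success, 1 if the current ruleset could not be saved
#######################################
start() {
  local net
  info "Killing non TOR traffic"
  # Save the ruleset only when no backup exists yet. Running start twice
  # used to overwrite the original rules with the lockdown rules, so a later
  # stop would "restore" the lockdown instead of the real configuration.
  if [ -f "$IPTABLES_BACKUP" ]; then
    info "Backup $IPTABLES_BACKUP already exists, keeping it"
  else
    # Never flush before the save has succeeded, or the rules are lost.
    if ! iptables-save > "$IPTABLES_BACKUP"; then
      error "Could not save iptables rules to $IPTABLES_BACKUP"
      # The redirection created an empty file; drop it so the next start
      # is not fooled into treating it as a valid backup.
      rm -f -- "$IPTABLES_BACKUP"
      return 1
    fi
    info "Saved iptables rules"
  fi
  # Flushes the filter table only; chain policies are left untouched.
  iptables -F
  info "Disabling IPv6"
  # NOTE(review): ".default" only applies to interfaces created afterwards;
  # already-configured interfaces keep IPv6, and no ip6tables rules are
  # installed here, so IPv6 traffic is not covered by this lockdown.
  sysctl -w net.ipv6.conf.default.disable_ipv6=1
  # Word-splitting of $TOR_EXCLUDE is intentional (space-separated list).
  # NOTE(review): 127.128.0.0/8 appears to denote the same network as
  # 127.0.0.0/8 once the host bits are masked; 127.128.0.0/9 was probably
  # intended, but the loopback range is fully accepted either way.
  # shellcheck disable=SC2086
  for net in $TOR_EXCLUDE 127.0.0.0/9 127.128.0.0/8; do
    iptables -A OUTPUT -d "$net" -j ACCEPT
  done
  info "Allowing only TOR output"
  iptables -A OUTPUT -m owner --uid-owner "$TOR_UID" -j ACCEPT
  # Everything not accepted above is rejected, including DNS from other users.
  iptables -A OUTPUT -j REJECT
}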
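#######################################
# Undo start: restore the saved ruleset and re-enable IPv6.
# Globals:   IPTABLES_BACKUP (read)
# Outputs:   progress via info (stdout), failures via error (stderr)
# Returns:   0 on success, 1 if the backup could not be restored
#######################################
stop() {
  local rv=0
  info "Restoring"
  iptables -F
  if [ -f "$IPTABLES_BACKUP" ]; then
    # Delete the backup only after a successful restore; a failed restore
    # used to remove the only copy of the original rules.
    if iptables-restore < "$IPTABLES_BACKUP"; then
      rm -f -- "$IPTABLES_BACKUP"
    else
      error "Could not restore iptables rules from $IPTABLES_BACKUP, keeping it"
      rv=1
    fi
  fi
  sysctl -w net.ipv6.conf.default.disable_ipv6=0
  info "Done"
  return "$rv"
}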
# iptables/sysctl and the backup path under /etc all need root; bail out
# early instead of failing part-way through with the rules half applied.
if [ "$(id -u)" != 0 ]; then
  error "This script must be run as root"
  exit 1
fi
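# Dispatch on the single sub-command. A missing or unknown sub-command used
# to fall through silently with status 0; it now prints usage and exits 1.
case "${1:-}" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  *)
    error "Usage: ${0##*/} {start|stop}"
    exit 1
    ;;
esac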