Add files via upload
Shell implementation
這個提交存在於:
父節點
9e71bcbfd6
當前提交
49e32e8324
共有 1 個檔案被更改,包括 163 行新增 和 0 行删除
163
anonymizer.sh
一般檔案
163
anonymizer.sh
一般檔案
|
@ -0,0 +1,163 @@
|
|||
#!/bin/bash
|
||||
|
||||
# NAME: anonymizer.sh #
|
||||
# DESCRIPTION: Transparently routing traffic through Tor #
|
||||
# VERSION: 0.1.0 #
|
||||
# AUTHOR: netico <netico@riseup.net> #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
# This code is free software; you can redistribute it and/or modify it under #
|
||||
# the terms of the GNU General Public License version 3 only, as published by #
|
||||
# the Free Software Foundation. #
|
||||
# This code is distributed in the hope that it will be useful, but WITHOUT ANY #
|
||||
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS #
|
||||
# FOR A PARTICULAR PURPOSE. #
|
||||
|
||||
# DOCUMENTATION -------------------------------------------------------------- #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
# https://www.torproject.org/ #
|
||||
# https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy #
|
||||
# https://www.netfilter.org/projects/iptables/index.html #
|
||||
# #
|
||||
# To enable the transparent proxy and the DNS proxy add the following lines to #
|
||||
# /etc/tor/torrc: #
|
||||
# #
|
||||
# VirtualAddrNetworkIPv4 10.192.0.0/10 #
|
||||
# AutomapHostsOnResolve 1 #
|
||||
# TransPort 9040 IsolateClientAddr IsolateClientProtocol IsolateDestAddr \ #
|
||||
# IsolateDestPort #
|
||||
# DNSPort 5353 #
|
||||
# #
|
||||
# Configure your system's DNS resolver to use Tor's DNSPort on the loopback #
|
||||
# interface by modifying /etc/resolv.conf: #
|
||||
# #
|
||||
# nameserver 127.0.0.1 #
|
||||
|
||||
# CONFIGURATION -------------------------------------------------------------- #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
INTERFACE=enp7s0
|
||||
TOR_UID=112
|
||||
TOR_PORT=9040
|
||||
TOR_DNS_PORT=5353
|
||||
VIRTUAL_ADDRESS="10.192.0.0/10"
|
||||
IPTABLES=$(which iptables)
|
||||
|
||||
# FUNCTIONS ------------------------------------------------------------------ #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
reset_iptables () {
|
||||
echo "Resetting iptables rules"
|
||||
|
||||
# Reset policies
|
||||
$IPTABLES -P INPUT ACCEPT
|
||||
$IPTABLES -P FORWARD ACCEPT
|
||||
$IPTABLES -P OUTPUT ACCEPT
|
||||
$IPTABLES -t nat -P PREROUTING ACCEPT
|
||||
$IPTABLES -t nat -P POSTROUTING ACCEPT
|
||||
$IPTABLES -t nat -P OUTPUT ACCEPT
|
||||
$IPTABLES -t mangle -P PREROUTING ACCEPT
|
||||
$IPTABLES -t mangle -P OUTPUT ACCEPT
|
||||
|
||||
# Flush rules and erase non default chains
|
||||
$IPTABLES -F
|
||||
$IPTABLES -X
|
||||
$IPTABLES -t nat -F
|
||||
$IPTABLES -t nat -X
|
||||
$IPTABLES -t mangle -F
|
||||
$IPTABLES -t mangle -X
|
||||
}
|
||||
|
||||
transparent_proxy () {
|
||||
echo "Adding iptables rules for interface $INTERFACE"
|
||||
|
||||
# *nat OUTPUT (local redirection)
|
||||
# .onion addresses
|
||||
$IPTABLES -t nat -A OUTPUT -d $VIRTUAL_ADDRESS -p tcp -m tcp \
|
||||
--tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports $TOR_PORT
|
||||
|
||||
# DNS requests to Tor
|
||||
$IPTABLES -t nat -A OUTPUT -d 127.0.0.1/32 -p udp -m udp \
|
||||
--dport 53 -j REDIRECT --to-ports $TOR_DNS_PORT
|
||||
|
||||
# Don't nat the Tor process and the loopback interface
|
||||
$IPTABLES -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
|
||||
$IPTABLES -t nat -A OUTPUT -o lo -j RETURN
|
||||
|
||||
# Redirect all other to Tor's TransPort
|
||||
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp \
|
||||
--tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports $TOR_PORT
|
||||
|
||||
# *filter INPUT
|
||||
$IPTABLES -A INPUT -m state --state ESTABLISHED -j ACCEPT
|
||||
$IPTABLES -A INPUT -i lo -j ACCEPT
|
||||
$IPTABLES -A INPUT -j DROP
|
||||
|
||||
# *filter FORWARD
|
||||
$IPTABLES -A FORWARD -j DROP
|
||||
|
||||
# *filter OUTPUT
|
||||
$IPTABLES -A OUTPUT -m state --state INVALID -j DROP
|
||||
$IPTABLES -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
|
||||
|
||||
# Allow Tor process output
|
||||
$IPTABLES -A OUTPUT -o $INTERFACE -m owner --uid-owner $TOR_UID \
|
||||
-p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m state \
|
||||
--state NEW -j ACCEPT
|
||||
|
||||
# Allow loopback output
|
||||
$IPTABLES -A OUTPUT -d 127.0.0.1/32 -o lo -j ACCEPT
|
||||
|
||||
# Tor transproxy magic
|
||||
$IPTABLES -A OUTPUT -d 127.0.0.1/32 -p tcp -m tcp --dport $TOR_PORT \
|
||||
--tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT
|
||||
|
||||
# Log & Drop everything else
|
||||
$IPTABLES -A OUTPUT -j LOG \
|
||||
--log-prefix "Dropped OUTPUT packet: " --log-level 7 --log-uid
|
||||
$IPTABLES -A OUTPUT -j DROP
|
||||
|
||||
# Set default policies to DROP
|
||||
$IPTABLES -P INPUT DROP
|
||||
$IPTABLES -P FORWARD DROP
|
||||
$IPTABLES -P OUTPUT DROP
|
||||
}
|
||||
|
||||
# MAIN ----------------------------------------------------------------------- #
|
||||
# ---------------------------------------------------------------------------- #
|
||||
if [ $USER != 'root' ]
|
||||
then
|
||||
echo "Must be root for run this script! Bye."
|
||||
exit 99
|
||||
fi
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting tor service..."
|
||||
service tor start && echo "Done!"
|
||||
;;
|
||||
stop)
|
||||
echo -n "Stopping tor service..."
|
||||
service tor stop && echo "Done!"
|
||||
;;
|
||||
restart)
|
||||
echo -n "Restarting tor service..."
|
||||
service tor restart && echo "Done!"
|
||||
;;
|
||||
status)
|
||||
service tor status &
|
||||
;;
|
||||
reset)
|
||||
reset_iptables
|
||||
;;
|
||||
proxy)
|
||||
$0 reset
|
||||
$0 restart
|
||||
transparent_proxy
|
||||
;;
|
||||
log)
|
||||
tail -20 /var/log/tor/notices.log
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $0 {start|stop|status|restart|reset|proxy|log}"
|
||||
exit 2
|
||||
;;
|
||||
esac
|
||||
exit 0
|
載入中…
新增問題並參考