...
 
Commits (5)
......@@ -6,21 +6,30 @@ NON_TOR="192.168.1.0/24 192.168.0.0/24"
TOR_UID="43"
# Tor's TransPort
TRANS_PORT="9040"
iptables -F
iptables -t nat -F
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
done
if ! command -v tor > /dev/null; then
echo "You need to install the tor package."
exit
elif ! systemctl is-active tor.service > /dev/null; then
echo "The tor service is not active, please start the tor service before running the script."
exit
else
iptables -F
iptables -t nat -F
iptables -t nat -A OUTPUT -m owner --uid-owner $TOR_UID -j RETURN
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 5353
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
for NET in $NON_TOR 127.0.0.0/9 127.128.0.0/10; do
iptables -t nat -A OUTPUT -d $NET -j RETURN
done
for NET in $NON_TOR 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j ACCEPT
for NET in $NON_TOR 127.0.0.0/8; do
iptables -A OUTPUT -d $NET -j ACCEPT
done
iptables -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT
iptables -A OUTPUT -j ACCEPT
fi
[Unit]
Description=Start rules for transparent tor proxy
After=network-online.target
After=network-online.target tor.service
[Service]
Type=simple
ExecStart=/usr/bin/tor-router
RemainAfterExit=yes
ExecStop=/usr/bin/iptables -F OUTPUT
TimeoutStopSec=180
KillMode=process
KillSignal=SIGINT
......