
torwall (1944B)

      1 #!/bin/bash
      2 # tor firewall script - developed by acidvegas (https://git.acid.vegas/void)
      3 
      4 # All traffic is routed through Tor.
      5 # printf "DNSPort 53\nTransPort 9040\nSocksPort 9050\nControlPort 9051\n" > /etc/tor/torrc
      6 
      7 
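      #######################################
      # Put the host into Tor-only mode (IPv4): append nat/filter OUTPUT rules that
      # send DNS to 127.0.0.1:9053 and new TCP connections to 127.0.0.1:9040, point
      # xbps at the onion mirror, and pin /etc/resolv.conf to 127.0.0.1.
      #
      # Globals:
      #   TOR_USER    (read)     account the Tor daemon runs as; defaults to "tor".
      #                          NOTE(review): confirm the account name on this system.
      #   SOCKS_PROXY (exported) only visible to this process and its children; the
      #                          invoking shell sees it only if the script is sourced.
      # Outputs:  status line on stdout, diagnostics on stderr.
      # Returns:  0 when every rule and file write succeeded, 1 otherwise.
      #
      # Caveats:
      #   - torrc must listen on the ports used here (TransPort 9040, DNSPort 9053).
      #     The sample torrc in the file header sets DNSPort 53, which these rules
      #     do not target.
      #   - No ip6tables rules are installed, so IPv6 traffic is neither redirected
      #     nor dropped by this function.
      #   - Rules are appended (-A); running "start" twice duplicates them.
      #######################################
      start_tor() {
        local tor_user=${TOR_USER:-tor}
        local tor_uid
        local rc=0

        # The daemon's own relay connections must bypass the REDIRECT, otherwise
        # they are looped back into its TransPort once existing circuits drop.
        if tor_uid=$(id -u "$tor_user" 2>/dev/null) && [[ -n $tor_uid ]]; then
          iptables -t nat -A OUTPUT -m owner --uid-owner "$tor_uid" -j RETURN || rc=1
        else
          printf 'start_tor: no uid for user "%s" (set TOR_USER); Tor daemon traffic is not exempted from the redirect\n' \
            "$tor_user" >&2
        fi

        iptables -t nat -A OUTPUT -o lo -j RETURN || rc=1

        # DNS rules go before the catch-all TCP rule: nat only sees the first
        # packet of a connection, so a TCP/53 SYN would otherwise always match the
        # 9040 redirect and never reach the DNSPort rule.
        iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053 || rc=1
        iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 9053 || rc=1
        iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040 || rc=1

        # Drop every non-TCP packet that is not bound for loopback.
        iptables -A OUTPUT ! -o lo ! -d 127.0.0.0/8 ! -p tcp -j DROP || rc=1

        echo "repository=http://lysator7eknrfl47rlyxvgeamrv7ucefgrrlhk7rouv3sna25asetwid.onion/pub/voidlinux/current/musl" \
          > /etc/xbps.d/00-repository-main.conf || rc=1

        # A previous start/stop leaves resolv.conf immutable; clear the flag first
        # or the write below fails and the old resolver silently stays in place.
        # Failure is ignored on purpose (flag not set, or file not there yet).
        chattr -i /etc/resolv.conf 2>/dev/null
        if echo "nameserver 127.0.0.1" > /etc/resolv.conf; then
          chattr +i /etc/resolv.conf ||
            printf 'start_tor: could not mark /etc/resolv.conf immutable\n' >&2
        else
          rc=1
        fi

        export SOCKS_PROXY="socks5://127.0.0.1:9050"

        # Never announce success after a failed step: a partially applied rule set
        # can leave traffic leaving the host directly.
        if ((rc != 0)); then
          printf 'start_tor: one or more steps failed; traffic may NOT be routed through Tor\n' >&2
          return 1
        fi
        echo "All traffic is now routed through Tor."
      }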
     19 
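     #######################################
     # Alternative rule set: flush the filter and nat tables, then allow only
     # loopback and the Tor daemon out, redirect DNS to 9053 and new TCP
     # connections to 9040, and reject everything else.
     #
     # Globals:   TOR_USER (read) - account the Tor daemon runs as; defaults to
     #            "debian-tor", the name this function has always used.
     # Returns:   0 when every rule was installed, 1 otherwise. When the Tor
     #            account cannot be resolved nothing is flushed or installed.
     #
     # Not reachable from the start|stop dispatcher at the bottom of this file.
     # IPv4 only: no ip6tables rules are installed here.
     #######################################
     new_tor() {
       local tor_user=${TOR_USER:-debian-tor}
       local tor_uid
       local rc=0

       # Resolve the uid before touching the firewall: an empty value would break
       # the owner match while the final REJECT still went in, cutting Tor off.
       if ! tor_uid=$(id -u "$tor_user" 2>/dev/null) || [[ -z $tor_uid ]]; then
         printf 'new_tor: cannot resolve a uid for user "%s"; firewall left unchanged\n' \
           "$tor_user" >&2
         return 1
       fi

       iptables -F || rc=1
       iptables -t nat -F || rc=1

       # Filter table first, so a failure further down leaves the host closed
       # rather than open.
       # Allow local-only connections
       iptables -A OUTPUT -o lo -j ACCEPT || rc=1
       # Allow the tor process to establish connections
       iptables -A OUTPUT -m owner --uid-owner "$tor_uid" -j ACCEPT || rc=1
       # Reject any other outbound traffic
       iptables -A OUTPUT -j REJECT || rc=1

       # nat table: the daemon and loopback must skip the redirects, otherwise
       # Tor's relay connections and local connections to 127.0.0.1 (e.g. the
       # SocksPort) are themselves redirected to the TransPort.
       iptables -t nat -A OUTPUT -m owner --uid-owner "$tor_uid" -j RETURN || rc=1
       iptables -t nat -A OUTPUT -o lo -j RETURN || rc=1

       # Redirect DNS queries to Tor's DNSPort; must precede the catch-all TCP
       # rule, which would otherwise claim every TCP/53 SYN.
       iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053 || rc=1
       iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 9053 || rc=1

       # Redirect all remaining new TCP connections to Tor's TransPort
       iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040 || rc=1

       if ((rc != 0)); then
         printf 'new_tor: one or more iptables commands failed\n' >&2
         return 1
       fi
     }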
     40 
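     #######################################
     # Leave Tor-only mode: flush the filter and nat tables, point xbps back at
     # the default clearnet mirror and set /etc/resolv.conf to 1.1.1.1.
     #
     # Globals:  SOCKS_PROXY (unset) - only affects this process; the invoking
     #           shell is untouched unless the script is sourced.
     # Outputs:  status line on stdout, diagnostics on stderr.
     # Returns:  0 when every step succeeded, 1 otherwise.
     #
     # Note: "iptables -F" removes every rule in the table, including rules this
     # script did not add; chain policies are left as they were.
     #######################################
     stop_tor() {
       local rc=0

       iptables -F || rc=1
       iptables -t nat -F || rc=1

       echo "repository=https://repo-default.voidlinux.org/current/musl" \
         > /etc/xbps.d/00-repository-main.conf || rc=1

       # "start" leaves resolv.conf immutable, so the flag has to be cleared
       # before writing; otherwise the file keeps pointing at 127.0.0.1 after the
       # redirect rules are gone. Failure is ignored on purpose (flag not set).
       chattr -i /etc/resolv.conf 2>/dev/null
       if echo "nameserver 1.1.1.1" > /etc/resolv.conf; then
         chattr +i /etc/resolv.conf ||
           printf 'stop_tor: could not mark /etc/resolv.conf immutable\n' >&2
       else
         rc=1
       fi

       unset SOCKS_PROXY

       if ((rc != 0)); then
         printf 'stop_tor: one or more steps failed; check iptables and /etc/resolv.conf\n' >&2
         return 1
       fi
       echo "Tor-only mode is now off."
     }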
     49 
     # Dispatch on the first argument. Only "start" and "stop" are wired up;
     # new_tor is defined above but never called from here. Anything else prints
     # the usage line.
     case "$1" in
       start)
         start_tor
         ;;
       stop)
         stop_tor
         ;;
       *)
         echo "Usage: $0 [start|stop]"
         ;;
     esac