@mouseroot
Created January 20, 2014 17:18
TOR iptables
#!/bin/sh
#toriptables.sh
# I learned this from https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy
# Assumes tor is already listening on TransPort 9040 and DNSPort 53 (set in torrc),
# and that the tor daemon itself does NOT run as the redirected user: otherwise
# tor's own connections to relays would be redirected back into its TransPort.
# Must be run as root (iptables needs it).
set -e
# Reject all ICMP packets: they carry no owning uid, so the owner match below
# cannot catch them and they would otherwise leave the box outside Tor (a leak)
iptables -A OUTPUT -p icmp -j REJECT
# All TCP traffic for the user root goes to Tor's TransPort, DNS to its DNSPort
iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner root -m tcp -j REDIRECT --to-ports 9040
iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner root -m udp --dport 53 -j REDIRECT --to-ports 53
# Explicitly allow the redirected traffic to reach the local tor ports
iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner root -m tcp --dport 9040 -j ACCEPT
iptables -t filter -A OUTPUT -p udp -m owner --uid-owner root -m udp --dport 53 -j ACCEPT
# Fail closed: anything else root sends off-box (other UDP, raw sockets, ...) is dropped
iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner root -j DROP
# All traffic for your own user will go through tor: replace YOURUSER and uncomment
#iptables -t nat -A OUTPUT ! -o lo -p tcp -m owner --uid-owner YOURUSER -m tcp -j REDIRECT --to-ports 9040
#iptables -t nat -A OUTPUT ! -o lo -p udp -m owner --uid-owner YOURUSER -m udp --dport 53 -j REDIRECT --to-ports 53
#iptables -t filter -A OUTPUT -p tcp -m owner --uid-owner YOURUSER -m tcp --dport 9040 -j ACCEPT
#iptables -t filter -A OUTPUT -p udp -m owner --uid-owner YOURUSER -m udp --dport 53 -j ACCEPT
#iptables -t filter -A OUTPUT ! -o lo -m owner --uid-owner YOURUSER -j DROP
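The rule set above only protects you if all four pieces are loaded: the two REDIRECTs, the ICMP REJECT, and the final fail-closed DROP. The script below is an added example, not part of the gist, that audits an `iptables-save` dump for exactly those rules for a given uid, so a forgotten DROP (which would let any non-DNS UDP the user sends leave the box in the clear) is caught before the host is trusted. The function names and the two sample dumps are constructed for illustration; the rule shapes are the gist's. Note that `iptables-save` prints `--uid-owner` numerically, so pass the uid (0 for root, `id -u someuser` otherwise).

```sh
#!/bin/sh
# Added example (not from the gist): verify that a per-user transparent Tor
# proxy rule set is complete. Function names and sample dumps are assumptions
# made for illustration.

# table_has TABLE REGEX -- succeed if some rule line in *TABLE of $DUMP matches REGEX
table_has() {
    printf '%s\n' "$DUMP" | awk -v t="*$1" -v re="$2" '
        /^\*/               { cur = $0; next }   # "*nat" / "*filter" open a table
        cur == t && $0 ~ re { found = 1 }
        END                 { exit found ? 0 : 1 }'
}

# require TABLE REGEX DESCRIPTION -- record a missing rule on stderr
require() {
    table_has "$1" "$2" || { echo "missing: $3" >&2; missing=1; }
}

# check_tor_rules UID [TRANSPORT] [DNSPORT] < iptables-save-output
# Returns 0 when every required rule for UID is present, 1 otherwise.
check_tor_rules() {
    uid=$1; transport=${2:-9040}; dnsport=${3:-53}
    DUMP=$(cat)
    missing=0
    require nat "^-A OUTPUT ! -o lo -p tcp -m owner --uid-owner $uid .*-j REDIRECT --to-ports $transport" \
        "TCP REDIRECT to TransPort $transport for uid $uid"
    require nat "^-A OUTPUT ! -o lo -p udp -m owner --uid-owner $uid .*--dport 53 -j REDIRECT --to-ports $dnsport" \
        "UDP/53 REDIRECT to DNSPort $dnsport for uid $uid"
    require filter "^-A OUTPUT -p icmp -j REJECT" \
        "ICMP REJECT (ICMP has no owning uid, so the owner match cannot catch it)"
    require filter "^-A OUTPUT ! -o lo -m owner --uid-owner $uid -j DROP" \
        "fail-closed DROP of everything else uid $uid sends off-box"
    return $missing
}

# Constructed iptables-save output for a box where the gist's rules are loaded for root (uid 0).
GOOD_DUMP='*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT ! -o lo -p tcp -m owner --uid-owner 0 -m tcp -j REDIRECT --to-ports 9040
-A OUTPUT ! -o lo -p udp -m owner --uid-owner 0 -m udp --dport 53 -j REDIRECT --to-ports 53
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -p tcp -m owner --uid-owner 0 -m tcp --dport 9040 -j ACCEPT
-A OUTPUT -p udp -m owner --uid-owner 0 -m udp --dport 53 -j ACCEPT
-A OUTPUT ! -o lo -m owner --uid-owner 0 -j DROP
COMMIT'

# Same box with the final DROP forgotten (constructed): TCP and DNS still go
# via Tor, but any other UDP root sends (NTP, for instance) leaves in the clear.
LEAKY_DUMP=$(printf '%s\n' "$GOOD_DUMP" | grep -v -- '-j DROP')

# On a live host:  iptables-save | check_tor_rules "$(id -u)"
printf '%s\n' "$GOOD_DUMP"  | check_tor_rules 0 && echo "good dump: rule set complete"
printf '%s\n' "$LEAKY_DUMP" | check_tor_rules 0 || echo "leaky dump: rule set incomplete"
```

The check is deliberately strict about table placement: a REDIRECT in the filter table or a DROP in the nat table is a typo that `iptables` accepts silently, so each rule is looked up only inside its own `*nat` or `*filter` block.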