public
/
torvm
보기 1
좋아요 0
포크 0
코드 이슈 0 풀 리퀘스트 0 릴리즈 0 위키 Activity
How to make the perfect TOR VM in VirtualBox
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 브렌치
트리: 70fcc53036
브랜치 태그
${ item.name }
Create branch ${ searchTerm }
from '70fcc53036'
${ noResults }
torvm/static/etc/iptables/rules.v4

rules.v4 2.1KB
Raw Blame 히스토리

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. *nat

  2. :PREROUTING ACCEPT [0:0]

  3. :POSTROUTING ACCEPT [0:0]

  4. :OUTPUT ACCEPT [0:0]

  5. 

  6. # Redirect any tcp that is not:

  7. # - tor client itself

  8. # - localhost traffic

  9. # - redsocks traffic to tor socks

  10. -A OUTPUT -m owner --uid-owner debian-tor -j RETURN

  11. -A OUTPUT -d 127.0.0.0/8 -j RETURN

  12. -A OUTPUT -m owner --uid-owner redsocks -p tcp -m tcp --dport 9040 -j RETURN

  13. -A OUTPUT ! -p tcp -j RETURN

  14. 

  15. # redirect

  16. -A OUTPUT -p tcp -j MARK --set-mark 0x888

  17. -A OUTPUT -p tcp -j REDIRECT --to-port 9040

  18. 

  19. COMMIT

  20. 

  21. *filter

  22. :INPUT ACCEPT [0:0]

  23. :FORWARD ACCEPT [0:0]

  24. :OUTPUT ACCEPT [0:0]

  25. 

  26. -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

  27. -A INPUT -p udp -m state --state ESTABLISHED,RELATED -j ACCEPT

  28. -A INPUT -i lo -j ACCEPT

  29. 

  30. -A FORWARD -j DROP

  31. 

  32. -A OUTPUT -m mark --mark 0x0 -o lo -j MARK --set-mark 0x127

  33. -A OUTPUT -m mark --mark 0x0 -d 127.0.0.0/8 -j MARK --set-mark 0x127

  34. 

  35. -A OUTPUT -m mark --mark 0x0 -m owner --uid-owner root -p udp -m udp --sport 68 --dport 67 -d 255.255.255.255 -j MARK --set-mark 0x777

  36. -A OUTPUT -m mark --mark 0x0 -m owner --uid-owner root -p udp -m udp --sport 68 --dport 67 -d 10.0.0.0/8 -j MARK --set-mark 0x777

  37. -A OUTPUT -m mark --mark 0x0 -m owner --uid-owner root -p udp -m udp --sport 68 --dport 67 -d 192.168.0.0/16 -j MARK --set-mark 0x777

  38. 

  39. # tor can go out

  40. -A OUTPUT -m mark --mark 0x0 -m owner --uid-owner debian-tor -j MARK --set-mark 0x777

  41. 

  42. # ntp can go out, required for tor

  43. -A OUTPUT -m mark --mark 0x0 -p udp -m udp --sport 123 --dport 123 -j MARK --set-mark 0x777

  44. 

  45. # any other udp will be dropped

  46. -A OUTPUT -m mark --mark 0x0 -p udp -j MARK --set-mark 0x666

  47. 

  48. # any other tcp will be redsock'ed

  49. -A OUTPUT -m mark --mark 0x0 -p tcp -j MARK --set-mark 0x888

  50. 

  51. #-A OUTPUT -m mark --mark 0x666 -j LOG --log-prefix "0x666:  "

  52. -A OUTPUT -m mark --mark 0x666 -j DROP

  53. 

  54. #-A OUTPUT -m mark --mark 0x777 -j LOG --log-prefix "0x777:  "

  55. -A OUTPUT -m mark --mark 0x777 -j ACCEPT

  56. 

  57. #-A OUTPUT -m mark --mark 0x888 -j LOG --log-prefix "0x888:  "

  58. -A OUTPUT -m mark --mark 0x888 -j ACCEPT

  59. 

  60. #-A OUTPUT -m mark --mark 0x127 -j LOG --log-prefix "0x127:  "

  61. -A OUTPUT -m mark --mark 0x127 -j ACCEPT

  62. 

  63. #-A OUTPUT -j LOG --log-prefix "DROP:   "

  64. -A OUTPUT -j DROP

  65. 

  66. COMMIT