From 84f0b5959b8184f46bb35d52b0bbda68b6f2e5bc Mon Sep 17 00:00:00 2001
From: bonanza123
Date: Sun, 25 Dec 2016 11:10:07 +0100
Subject: [PATCH 1/3] adaptation to ArchLinux

---
 toriptables2.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/toriptables2.py b/toriptables2.py
index a309a87..f37f8c5 100755
--- a/toriptables2.py
+++ b/toriptables2.py
@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#! /usr/bin/env python2
 # Written by Rupe version 2
 #
 """
@@ -28,7 +28,7 @@ class TorIptables(object):
 self.local_loopback = "127.0.0.1" # Local loopback
 self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
 self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
- self.tor_uid = getoutput("id -ur debian-tor") # Tor user uid
+ self.tor_uid = getoutput("id -ur tor") # Tor user uid
 self.trans_port = "9040" # Tor port
 self.tor_config_file = '/etc/tor/torrc'
 self.torrc = r'''
@@ -54,7 +54,7 @@ DNSPort %s
 fnull = open(devnull, 'w')
 try:
 tor_restart = check_call(
- ["service", "tor", "restart"],
+ ["systemctl", "restart", "tor"],
 stdout=fnull, stderr=fnull)
 if tor_restart is 0:

From c0a686ef8ee0c7dfa5c1c4afa7830c5a8e44911a Mon Sep 17 00:00:00 2001
From: bonanza123
Date: Sun, 25 Dec 2016 11:41:05 +0100
Subject: [PATCH 2/3] change Tor DNS port to 5300, as Tor is not run as root, hence it cannot bind to port 53. Also fix DNS redirecting

---
 toriptables2.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/toriptables2.py b/toriptables2.py
index f37f8c5..723eedd 100755
--- a/toriptables2.py
+++ b/toriptables2.py
@@ -23,7 +23,7 @@ from time import sleep
 class TorIptables(object):
 def __init__(self):
- self.local_dnsport = "53" # DNSPort
+ self.local_dnsport = "5300" # DNSPort
 self.virtual_net = "10.0.0.0/10" # VirtualAddrNetwork
 self.local_loopback = "127.0.0.1" # Local loopback
 self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
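Review bot: The new `["systemctl", "restart", "tor"]` argv makes systemd a hard requirement, and on a host without a `systemctl` binary `check_call` raises `OSError` rather than `CalledProcessError`; the `except` clauses of this `try` lie outside the hunk, so whether that case is reported cleanly cannot be seen here. If only `CalledProcessError` is caught, a missing binary ends in a traceback before any iptables rule is applied, leaving the host untorified without a clear message; suggest a comment such as `# systemd only: the Debian "service tor restart" path was dropped in this commit` and catching `OSError` alongside `CalledProcessError` in the handler. As a side point, the unchanged `if tor_restart is 0:` compares an int by identity; `== 0` is the idiomatic form, and `check_call` only ever returns 0 or raises. The enclosing method starts before and ends after the hunk.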
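Review bot: `self.local_dnsport = "5300"` now means "the port Tor's DNSPort listens on" rather than "the DNS port", but the trailing `# DNSPort` comment does not say why 5300 was chosen or what must stay in sync with it; the torrc template that formats `DNSPort %s` and the NAT rule that redirects UDP/53 to this value are both outside this hunk, so a reader of `__init__` cannot see the coupling. Suggest `# DNSPort: Tor runs unprivileged and cannot bind 53; UDP/53 is REDIRECTed to this port and torrc's DNSPort line must use the same value`. Since the REDIRECT target is on loopback, the torrc line presumably binds `127.0.0.1:5300`; confirm it is not listening on all interfaces, because a DNSPort reachable from the LAN is an open resolver tunnelled through Tor. The class body continues past the hunk.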
@@ -92,7 +92,7 @@ DNSPort %s
 call(["iptables", "-t", "nat", "-A", "OUTPUT", "-m", "owner", "--uid-owner", "%s" % self.tor_uid, "-j", "RETURN"])
 call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport",
- self.local_dnsport, "-j", "REDIRECT", "--to-ports", self.local_dnsport])
+ "53", "-j", "REDIRECT", "--to-ports", self.local_dnsport])
 for net in self.non_tor:
 call(["iptables", "-t", "nat", "-A", "OUTPUT", "-d", "%s" % net, "-j",

From 5795c466c1a5863c54e5595b2251eb64be13a9d5 Mon Sep 17 00:00:00 2001
From: bonanza123
Date: Sun, 25 Dec 2016 11:49:34 +0100
Subject: [PATCH 3/3] first attempt to generalize tor user detection

---
 toriptables2.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/toriptables2.py b/toriptables2.py
index 723eedd..df4a9e8 100755
--- a/toriptables2.py
+++ b/toriptables2.py
@@ -28,7 +28,7 @@ class TorIptables(object):
 self.local_loopback = "127.0.0.1" # Local loopback
 self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
 self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
- self.tor_uid = getoutput("id -ur tor") # Tor user uid
+ self.tor_uid = getoutput("id -ur debian-tor 2>/dev/null || id -ur tor 2>/dev/null") # Tor user uid
 self.trans_port = "9040" # Tor port
 self.tor_config_file = '/etc/tor/torrc'
 self.torrc = r'''
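Review bot: The redirect now matches the literal `"53"` but sends traffic to `self.local_dnsport`, and nothing in the hunk says the two ports differ on purpose; a comment above the `call` such as `# DNS: every non-Tor uid's UDP/53 goes to Tor's DNSPort (self.local_dnsport, not 53, since Tor cannot bind 53)` would stop the next reader from "fixing" it back to `--to-ports 53`. The rule is UDP-only, which matches Tor's DNSPort (it only accepts UDP), so TCP/53 queries are left to whatever TCP rule follows, outside this hunk. Because this rule precedes the per-network rules built from `self.non_tor` below (their `-j` target is cut off at the hunk edge), queries aimed at a local stub resolver on 127.0.0.1:53 are presumably redirected as well; if that is intended it deserves a one-line comment too. The enclosing method starts before and ends after the hunk.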
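Review bot: If neither `debian-tor` nor `tor` exists, the new `getoutput(...)` expression yields an empty string (both `id` failures have their stderr silenced), and `self.tor_uid` is later formatted into `--uid-owner` for the RETURN rule whose `call` result is not checked, so the rule that exempts Tor's own traffic would silently be missing and any uid-keyed REDIRECT that follows would presumably catch Tor itself. Validate the lookup before using it: `self.tor_uid = getoutput("id -ur debian-tor 2>/dev/null || id -ur tor 2>/dev/null").strip()`, then `if not self.tor_uid.isdigit():` and `raise SystemExit("Cannot find the Tor user (tried debian-tor and tor)")`. The digit check also rejects any unexpected text the shell pipeline might print instead of a uid. `__init__` continues past the hunk.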