#! /usr/bin/env python
# Written by Rupe version 2
"""
Tor Iptables script is an anonymizer
that sets up iptables and tor to route all services
and traffic including DNS through the tor network.
"""
from __future__ import print_function
from commands import getoutput
from subprocess import call
from os.path import isfile
from os import devnull
from sys import stdout, stderr
from atexit import register
from argparse import ArgumentParser
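class TorIptables(object):
    """Load or flush the iptables rules that force IPv4 traffic through Tor.

    Rule layout (see load_iptables_rules): in the nat table, sockets owned by
    the Tor user and traffic to the ``non_tor`` networks are left alone, UDP
    port 53 is redirected to Tor's DNSPort and every other new TCP connection
    to Tor's TransPort.  In the filter table, established flows, the
    ``non_tor`` networks and the Tor user are accepted and everything else is
    rejected, so traffic the nat rules did not catch (other UDP, ICMP, ...)
    is blocked rather than sent in the clear.

    Only the ``iptables`` binary (IPv4) is ever invoked; ``ip6tables`` is not
    touched, so IPv6 traffic is neither routed through Tor nor blocked here.
    Must run as root: every command modifies the kernel firewall.
    """

    def __init__(self):
        self.tor_config_file = '/etc/tor/torrc'
        # Appended to torrc by the __main__ block when VirtualAddrNetwork is
        # missing.  TransPort/DNSPort must agree with the redirect rules in
        # load_iptables_rules (9040 and 53).
        self.torrc = '''
VirtualAddrNetwork 10.0.0.0/10
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53
'''
        # LAN ranges that bypass Tor.  10.0.0.0/8 is deliberately not listed:
        # VirtualAddrNetwork above hands out 10.0.0.0/10 addresses that must
        # be redirected into Tor.
        self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
        # Loopback ranges that bypass Tor (the /9 and /10 are subsets of the
        # /8; kept so the generated rule set stays the same as before).
        self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
        # Numeric uid of the Tor daemon account, used by the --uid-owner
        # rules; validated so a missing account cannot produce broken rules.
        self.tor_uid = self._parse_uid(getoutput("id -ur debian-tor"))
        self.trans_port = "9040"  # must match TransPort in self.torrc

    @staticmethod
    def _parse_uid(id_output):
        """Return the numeric uid string from ``id -ur`` output.

        ``getoutput`` returns stdout and stderr merged, so when the account
        does not exist the result is an error message such as
        ``id: debian-tor: no such user``.  Without this check that text would
        be spliced into the ``--uid-owner`` arguments below.

        Raises:
            ValueError: if the output is not a plain decimal uid.
        """
        uid = id_output.strip()
        if not uid.isdigit():
            raise ValueError("cannot determine the Tor uid from %r" % id_output)
        return uid

    @staticmethod
    def _apply(commands):
        """Run every command in order; raise RuntimeError naming the failures.

        All commands are attempted before raising, so the trailing catch-all
        REJECT of load_iptables_rules is still installed when an earlier rule
        is refused -- a partial failure fails closed instead of leaking.
        """
        failed = [" ".join(cmd) for cmd in commands if call(cmd) != 0]
        if failed:
            raise RuntimeError("iptables command(s) failed:\n" + "\n".join(failed))

    @staticmethod
    def _restart_tor():
        """Restart the tor service quietly (registered with atexit by load)."""
        with open(devnull, 'w') as fnull:
            call(["service", "tor", "restart"], stdout=fnull, stderr=fnull)

    def flush_iptables_rules(self):
        """Flush ALL rules in the filter and nat tables.

        This is not limited to rules added by this script: any pre-existing
        firewall rules on the host are removed as well.  Chain policies are
        left unchanged.
        """
        self._apply([
            ["iptables", "-F"],
            ["iptables", "-t", "nat", "-F"],
        ])

    def load_iptables_rules(self):
        """Replace the current rule set with the Tor redirection rules.

        Tor is restarted when the interpreter exits so it picks up the torrc
        settings written by the caller.

        Raises:
            RuntimeError: if iptables refused any of the rules (all rules are
                still attempted first, see _apply).
        """
        self.flush_iptables_rules()
        # Merge the LAN bypass networks into non_tor without duplicating them
        # when this method is called more than once in a process.
        for net in self.non_tor_net:
            if net not in self.non_tor:
                self.non_tor.append(net)

        register(self._restart_tor)

        nat = ["iptables", "-t", "nat", "-A", "OUTPUT"]
        filt = ["iptables", "-A", "OUTPUT"]

        rules = [
            # Tor's own sockets must not be redirected back into Tor.
            nat + ["-m", "owner", "--uid-owner", self.tor_uid, "-j", "RETURN"],
            # UDP DNS goes to Tor's DNSPort; TCP/53 is caught by the --syn rule.
            nat + ["-p", "udp", "--dport", "53",
                   "-j", "REDIRECT", "--to-ports", "53"],
        ]
        rules += [nat + ["-d", net, "-j", "RETURN"] for net in self.non_tor]
        # Every other new TCP connection is handed to Tor's TransPort.
        rules.append(nat + ["-p", "tcp", "--syn",
                            "-j", "REDIRECT", "--to-ports", self.trans_port])

        rules.append(filt + ["-m", "state", "--state", "ESTABLISHED,RELATED",
                             "-j", "ACCEPT"])
        rules += [filt + ["-d", net, "-j", "ACCEPT"] for net in self.non_tor]
        rules.append(filt + ["-m", "owner", "--uid-owner", self.tor_uid,
                             "-j", "ACCEPT"])
        # Anything the nat table did not redirect (other UDP, ICMP, ...) is
        # rejected rather than allowed to leave the host in the clear.
        rules.append(filt + ["-j", "REJECT"])

        self._apply(rules)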
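if __name__ == '__main__':
    parser = ArgumentParser(
        description='Tor Iptables script for loading and unloading iptables rules')
    parser.add_argument('-l', '--load',
                        action="store_true",
                        help='This option will load tor iptables rules')
    parser.add_argument('-f', '--flush',
                        action='store_true',
                        help='This option flushes the iptables rules to default')
    args = parser.parse_args()
    try:
        load_tables = TorIptables()
        if args.load:
            # Only a load needs the transparent-proxy settings in torrc;
            # flushing (or printing help) must not edit Tor's configuration.
            if isfile(load_tables.tor_config_file):
                with open(load_tables.tor_config_file) as torrconf:
                    # Plain substring test: a commented-out
                    # "#VirtualAddrNetwork" line also counts as configured.
                    configured = 'VirtualAddrNetwork' in torrconf.read()
                if not configured:
                    with open(load_tables.tor_config_file, 'a+') as torrconf:
                        torrconf.write(load_tables.torrc)
            load_tables.load_iptables_rules()
        elif args.flush:
            load_tables.flush_iptables_rules()
        else:
            parser.print_help()
    except Exception as err:
        # Report on stderr and exit non-zero so callers notice that the rule
        # set may be missing or only partially applied.
        print(err, file=stderr)
        raise SystemExit(1)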