Update toriptables2.py

toriptables2.py

@@ -1,5 +1,5 @@
 #! /usr/bin/env python
-# Written by rupe
+# By Rupe
 """
 Tor Iptables script is an anonymizer
 that sets up iptables and tor to route all services
@@ -11,85 +11,85 @@ from commands import getoutput
 from subprocess import call
 from os.path import isfile
 from os import devnull
+from atexit import register
 from argparse import ArgumentParser
 
-fnull = open(devnull, 'w')
-
 
 class TorIptables(object):
-    def __init__(self):
+
-        self.tor_config_file = '/etc/tor/torrc'
+  def __init__(self):
-        self.torrc = '''
+    self.tor_config_file = '/etc/tor/torrc'
+    self.torrc = '''
 VirtualAddrNetwork 10.0.0.0/10
 AutomapHostsOnResolve 1
 TransPort 9040
 DNSPort 53
 '''
-        self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
+    self.non_tor_net = ["192.168.0.0/16", "172.16.0.0/12"]
-        self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
+    self.non_tor = ["127.0.0.0/9", "127.128.0.0/10", "127.0.0.0/8"]
-        self.tor_uid = getoutput("id -ur debian-tor")  # Tor user uid
+    self.tor_uid = getoutput("id -ur debian-tor")  # Tor user uid
-        self.trans_port = "9040"  # Tor port
+    self.trans_port = "9040"  # Tor port
-        self.load_iptables_rules.__init__(self)
+    self.load_iptables_rules.__init__(self)
 
-    def flush_iptables_rules(self):
+  def flush_iptables_rules(self):
-        call(["iptables", "-F"])
+    call(["iptables", '-F'])
-        call(["iptables", "-t", "nat", "-F"])
+    call(["iptables", "-t", "nat", "-F"])
 
-    def load_iptables_rules(self):
+  def load_iptables_rules(self):
-        self.flush_iptables_rules()
+    self.flush_iptables_rules()
-        self.non_tor.extend(self.non_tor_net)
+    self.non_tor.extend(self.non_tor_net)
 
-        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-m", "owner",
+    @register
-              "--uid-owner", "%s" % self.tor_uid, "-j", "RETURN"])
+    def restart_tor():
-        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport",
+      fnull = open(devnull, 'w')
-              "53", "-j", "REDIRECT", "--to-ports", "53"])
+      call(["service", "tor", "restart"], stderr=fnull)
 
-        for self.net in self.non_tor:
+    call(["iptables", "-t", "nat", "-A", "OUTPUT", "-m", "owner", "--uid-owner",
-            call(["iptables", "-t", "nat", "-A", "OUTPUT", "-d",
+          "%s" % self.tor_uid, "-j", "RETURN"])
-                  "%s" % self.net, "-j", "RETURN"])
+    call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "udp", "--dport", "53",
+          "-j", "REDIRECT", "--to-ports", "53"])
 
-        call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "--syn",
+    for self.net in self.non_tor:
-              "-j", "REDIRECT", "--to-ports", "%s" % self.trans_port])
+      call(["iptables", "-t", "nat", "-A", "OUTPUT", "-d", "%s" % self.net,
+            "-j", "RETURN"])
 
-        call(["iptables", "-A", "OUTPUT", "-m", "state", "--state",
+    call(["iptables", "-t", "nat", "-A", "OUTPUT", "-p", "tcp", "--syn", "-j",
-              "ESTABLISHED,RELATED", "-j", "ACCEPT"])
+          "REDIRECT", "--to-ports", "%s" % self.trans_port])
 
-        for self.net in self.non_tor:
+    call(["iptables", "-A", "OUTPUT", "-m", "state", "--state",
-            call(["iptables", "-A", "OUTPUT", "-d", "%s" % self.net, "-j",
+          "ESTABLISHED,RELATED", "-j", "ACCEPT"])
-                  "ACCEPT"])
 
-        call(["iptables", "-A", "OUTPUT", "-m", "owner", "--uid-owner",
+    for self.net in (self.non_tor):
-              "%s" % self.tor_uid, "-j", "ACCEPT"])
+      call(["iptables", "-A", "OUTPUT", "-d", "%s" % self.net, "-j", "ACCEPT"])
-        call(["iptables", "-A", "OUTPUT", "-j", "REJECT"])
 
-        # Restart Tor
+    call(["iptables", "-A", "OUTPUT", "-m", "owner", "--uid-owner", "%s" %
-        call(["service", "tor", "restart"], stderr=fnull)
+          self.tor_uid, "-j", "ACCEPT"])
+    call(["iptables", "-A", "OUTPUT", "-j", "REJECT"])
 
 
 if __name__ == '__main__':
-    parser = ArgumentParser(
+  parser = ArgumentParser(
-    description='Tor Iptables script for loading and unloading iptables rules')
+      description='Tor Iptables script for loading and unloading iptables rules')
-    parser.add_argument('-l', '--load',
+  parser.add_argument('-l', '--load',
-                        action='store_true',
+                      action="store_true",
-                        help='This option will load tor iptables rules')
+                      help='This option will load tor iptables rules')
-    parser.add_argument('-f', '--flush',
+  parser.add_argument('-f', '--flush',
-                        action='store_true',
+                      action='store_true',
-                        help='This option flushes the iptables rules to default')
+                      help='This option flushes the iptables rules to default')
-    args = parser.parse_args()
+  args = parser.parse_args()
 
-    try:
+  try:
-        load_tables = TorIptables()
+    load_tables = TorIptables()
-        if isfile(load_tables.tor_config_file):
+    if isfile(load_tables.tor_config_file):
-            if not 'VirtualAddrNetwork' in open(
+      if not 'VirtualAddrNetwork' in open(load_tables.tor_config_file).read():
-                load_tables.tor_config_file).read():
+        with open(load_tables.tor_config_file, 'a+') as torrconf:
-                with open(load_tables.tor_config_file, 'a+') as torrconf:
+          torrconf.write(load_tables.torrc)
-                    torrconf.write(load_tables.torrc)
 
-        if args.load:
+    if args.load:
-            load_tables.load_iptables_rules()
+      load_tables.load_iptables_rules()
-        elif args.flush:
+    elif args.flush:
-            load_tables.flush_iptables_rules()
+      load_tables.flush_iptables_rules()
-        else:
+    else:
-            parser.print_help()
+      parser.print_help()
-    except Exception as err:
+  except Exception as err:
-        print(err)
+    print(err)