add some configs and shell scripts

author: Jacob Appelbaum <jacob@appelbaum.net> 2011-08-13 04:36:54 +0200
committer: Jacob Appelbaum <jacob@appelbaum.net> 2011-08-13 04:36:54 +0200
commit: 2196124bf23eb9a9e4b708b2ed098011eb54df2c (patch)
tree: 8dcfae2c770af8e36d180463459358e823802b05 /packages/torouter-prep/configs/tor-wireless-firewall.sh
parent: 49d2d4bf2ef7bf7098a034aa1004a3617a9cda9d (diff)
download: torouter-2196124bf23eb9a9e4b708b2ed098011eb54df2c.tar.gz
torouter-2196124bf23eb9a9e4b708b2ed098011eb54df2c.zip
1 files changed, 20 insertions, 0 deletions
diff --git a/packages/torouter-prep/configs/tor-wireless-firewall.sh b/packages/torouter-prep/configs/tor-wireless-firewall.sh
new file mode 100755
index 0000000..4310e7b
--- /dev/null
+++ b/packages/torouter-prep/configs/tor-wireless-firewall.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+# destinations you don't want routed through Tor
+NON_TOR="10.0.2.0/24 10.23.42.0/24 172.16.23.0/24"
+
+# Tor's TransPort
+TRANS_PORT="9040"
+
+# your internal interface
+INT_IF="uap0"
+
+iptables -F
+iptables -t nat -F
+
+for NET in $NON_TOR; do
+  iptables -t nat -A PREROUTING -i $INT_IF -d $NET -j RETURN
+done
+iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 53 -j REDIRECT --to-ports 5353
+#iptables -t nat -A PREROUTING -i $INT_IF -p udp --dport 67 -j REDIRECT --to-ports 67
+iptables -t nat -A PREROUTING -i $INT_IF -p tcp --syn -j REDIRECT --to-ports $TRANS_PORT
author	Jacob Appelbaum <jacob@appelbaum.net>	2011-08-13 04:36:54 +0200
committer	Jacob Appelbaum <jacob@appelbaum.net>	2011-08-13 04:36:54 +0200
commit	2196124bf23eb9a9e4b708b2ed098011eb54df2c (patch)
tree	8dcfae2c770af8e36d180463459358e823802b05 /packages/torouter-prep/configs/tor-wireless-firewall.sh
parent	49d2d4bf2ef7bf7098a034aa1004a3617a9cda9d (diff)
download	torouter-2196124bf23eb9a9e4b708b2ed098011eb54df2c.tar.gz torouter-2196124bf23eb9a9e4b708b2ed098011eb54df2c.zip