Current content:
iptables:
up-to-date iptables rules, only allowing:
- DNS traffic with the Cryptostorm deepDNS servers
- Cryptostorm exit nodes (port 443 UDP) — note: the rules in the script below accept any protocol and port to the listed addresses; the 443/UDP restriction is not enforced there
- the local LAN
iptables_logging:
- enables logging for the INPUT, OUTPUT and FORWARD chains
use


/Fermi
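# Trust the local LAN in both directions.
#   LAN_NET  the local subnet (default 192.168.1.0/24, as originally posted)
#   LAN_IF   when set, binds both rules to that interface (-i on INPUT,
#            -o on OUTPUT); unset reproduces the original rules exactly.
# Without an interface match the INPUT rule accepts any packet whose source
# address falls in LAN_NET on whichever interface it arrives, and the OUTPUT
# rule accepts traffic to that range over whatever route it takes — so bind
# to the LAN interface where it is known.
# -A appends: these must be added before any terminating DROP in the same
# chain, or they never match.
LAN_NET=${LAN_NET:-192.168.1.0/24}
LAN_IF=${LAN_IF:-}
in_if=()
out_if=()
if [[ -n "$LAN_IF" ]]; then
  in_if=(-i "$LAN_IF")
  out_if=(-o "$LAN_IF")
fi
iptables -A INPUT ${in_if[@]+"${in_if[@]}"} -s "$LAN_NET" -j ACCEPT -m comment --comment "allow all local traffic"
iptables -A OUTPUT ${out_if[@]+"${out_if[@]}"} -d "$LAN_NET" -j ACCEPT -m comment --comment "allow all local traffic"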
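#!/bin/bash
# Cryptostorm "kill switch" for the OUTPUT chain: optionally flushes the
# current filter-table rules, then ACCEPTs traffic to the listed VPN
# endpoint addresses and DROPs everything else.  Only the OUTPUT chain of
# the filter table is written; INPUT and FORWARD are left untouched, so
# their policies still come from elsewhere.
#
# The forum post describes this as "exit nodes (port 443 UDP)" and "DNS with
# the deepDNS servers".  As written, the endpoint rules match any protocol
# and port, and there is no separate DNS rule: if the resolver addresses are
# not among VPN_ENDPOINTS, plain DNS is dropped once the rules are applied.
#
# Optional environment:
#   TUN_IF     tunnel interface whose outgoing packets are allowed
#              (default "tun+", i.e. any tunN device — confirm against the
#              VPN client's configuration)
#   VPN_PROTO  together with VPN_PORT, restrict the endpoint ACCEPTs to one
#   VPN_PORT   protocol/port (e.g. udp / 443); unset = any, as originally
#
# Must run as root; interactive (asks before flushing and before applying).
set -u -o pipefail

# Print an error to stderr and exit 1.
die() { printf 'Error: %s\n' "$*" >&2; exit 1; }

# Ask a [Y/n] question; empty or anything starting with "y" counts as yes
# (same acceptance as the original prompts).  Returns 0 for yes, 1 for no.
ask_yes() {
  local answer=""
  read -rp "$1 [Y/n]" answer
  answer=${answer,,}
  [[ -z "$answer" || "$answer" == y* ]]
}

# Run iptables with the given arguments; a failed rule aborts the script
# instead of silently leaving a half-applied ruleset behind.
rule() { "$IPT" "$@" || die "iptables $* failed"; }

# Cryptostorm endpoint addresses, in the order the original rules listed them.
VPN_ENDPOINTS=(
  46.165.222.248 46.165.222.245 46.165.222.246
  79.134.235.133 79.134.235.134 79.134.235.131
  212.83.167.81 212.83.163.209 212.129.46.86
  212.83.161.53 212.129.25.237 212.129.46.32
  198.27.89.56 198.27.76.1 198.100.159.249
  130.180.201.117 130.180.201.118
  31.24.34.50
  109.71.42.163 109.71.42.164 109.71.42.228
  91.214.70.206 91.214.70.207 91.214.70.199
  76.164.234.12 76.164.234.13 76.164.234.11
  103.254.153.243 103.254.153.242 103.254.153.244
  142.54.172.52 142.54.172.51 142.54.172.53
  212.129.34.154 195.154.33.73 212.129.10.40 195.154.33.76
)

main() {
  (( EUID == 0 )) || die "you must be root to run this script!"
  # The original required OSTYPE == linux-gnu exactly; the glob also accepts
  # variants such as linux-gnueabihf.
  [[ "$OSTYPE" == linux-gnu* ]] || die "this script is only for Linux!"
  IPT=$(command -v iptables) || die "cannot find iptables on this system."

  printf '\033[31mWARNING:\033[00m\n'
  printf 'This script will disconnect you if you are remotely connected to this system\n\n'

  if ask_yes "Clear current iptables rules?"; then
    echo "Flushing existing rules..."
    # -F flushes every chain of the filter table only; chain policies and
    # the nat/mangle tables are not touched.
    rule -F
  elif ! ask_yes "Continue with script"; then
    echo "Ok, exiting..."
    exit 1
  fi

  if ! ask_yes "Apply rules now"; then
    echo "Ok, exiting..."
    exit 1
  fi

  echo "Applying rules..."
  # Loopback has to stay open: the unconditional DROP at the end of the
  # chain would otherwise also cut off local resolvers and services.
  rule -A OUTPUT -o lo -j ACCEPT

  local -a match=()
  if [[ -n "${VPN_PROTO:-}" && -n "${VPN_PORT:-}" ]]; then
    match=(-p "$VPN_PROTO" --dport "$VPN_PORT")
  fi
  local ip
  for ip in "${VPN_ENDPOINTS[@]}"; do
    rule -A OUTPUT -d "$ip" ${match[@]+"${match[@]}"} -j ACCEPT
  done

  # Packets routed into the VPN leave through the tunnel device carrying
  # their real destination address, so they must be accepted explicitly or
  # the final DROP blocks the tunneled traffic itself.
  rule -A OUTPUT -o "${TUN_IF:-tun+}" -j ACCEPT

  # Everything else (other interfaces, non-endpoint destinations) is dropped.
  rule -A OUTPUT -j DROP
  echo "Done!"
}

main "$@"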
df wrote: I'm probably wrong, but I think these lines will allow leaks:
# Quoted from the post above.  Neither rule carries an -i/-o interface
# match, so the INPUT rule accepts any packet whose source address claims
# 192.168.1.0/24 on whichever interface it arrives, and the OUTPUT rule
# accepts traffic to that range regardless of the route it takes —
# presumably the "leak" df has in mind.
iptables -A INPUT -s 192.168.1.0/24 -j ACCEPT -m comment --comment "allow all local traffic"
iptables -A OUTPUT -d 192.168.1.0/24 -j ACCEPT -m comment --comment "allow all local traffic"