#!/bin/sh
#
# secure_tor.sh
# 2011-08-29
#
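# Uses iptables to drop every outgoing IPv4 packet, except packets addressed
# to 127.0.0.1 and packets sent by processes running as the "tor" user.
# Only iptables (IPv4) is configured; IPv6 traffic (ip6tables) is not touched.
# Tor: http://www.torproject.org/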
# Numeric UID of the local "tor" account, used by the owner-match rules in
# start and stop. The value is empty when `id` cannot resolve that account.
UID_TOR="$(id -u tor)"
# Print the one-line usage summary to stdout.
# Outputs: "Usage: <script> {start|stop|restart}"
print_usage () {
  printf 'Usage: %s {start|stop|restart}\n' "$0"
}
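# Restrict outgoing IPv4 traffic to loopback and to the Tor user's processes.
# Globals: UID_TOR (read) - numeric UID whose packets stay allowed
# Returns: 1 without touching the firewall when UID_TOR is empty; otherwise
#          the exit status of the last iptables call
# NOTE(review): only `iptables` is invoked, so the IPv6 tables are left as
# they are; IPv6 egress is not covered by this policy.
start () {
  # Without a UID the owner rule below cannot be built. Bail out before the
  # policy flips to DROP, otherwise the host would be left with Tor blocked too.
  if [ -z "$UID_TOR" ]; then
    echo "$0: cannot determine the UID of user 'tor'; firewall left unchanged" >&2
    return 1
  fi
  # Default-deny first, so nothing is let through while exemptions are added.
  iptables -P OUTPUT DROP
  # Packets addressed to 127.0.0.1 stay allowed.
  iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT
  # Packets created by processes running as the Tor UID stay allowed.
  iptables -A OUTPUT -m owner --uid-owner "$UID_TOR" -j ACCEPT
}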
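# Undo start: reopen the OUTPUT chain and remove the two ACCEPT rules.
# Globals: UID_TOR (read) - numeric UID used in the owner-match rule
# Returns: 1 when UID_TOR is empty (owner rule not removed); otherwise the
#          exit status of the last iptables call
# NOTE(review): the policy is set to ACCEPT unconditionally; whatever policy
# was in place before start ran is not saved or restored.
stop () {
  iptables -P OUTPUT ACCEPT
  iptables -D OUTPUT -d 127.0.0.1 -j ACCEPT
  # The owner rule can only be matched for deletion when the UID is known.
  # Still restore the policy above so the host is not left locked down.
  if [ -z "$UID_TOR" ]; then
    echo "$0: cannot determine the UID of user 'tor'; owner rule not removed" >&2
    return 1
  fi
  iptables -D OUTPUT -m owner --uid-owner "$UID_TOR" -j ACCEPT
}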
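# Dispatch on the first command-line argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    # Remove the rules, pause for a second, then install them again.
    stop
    sleep 1
    start
    ;;
  *)
    # Missing or unknown action: nothing was changed, so report it on stderr
    # and exit non-zero. A wrapper must not mistake this for a successful
    # lock-down.
    print_usage >&2
    exit 2
    ;;
esac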