#!/bin/sh -eu

# Jayanta 4.2.1
# The Unlicense
# Tiny Tor Transparent Proxy - TTTP

# 1. 不正な目的に使わないでね!
# 2. 大いなる力には大いなる責任が伴うからね!
# 3. 他者へ配慮を忘れずに責任を持って使ってね!

# 1. Don't use it for malicious purposes!
# 2. With great power comes great responsibility!
# 3. Use it responsibly and be considerate of others!

# CLOUDFLARE IPS
# https://www.cloudflare.com/ips/

# INSTALL WARP-CLI
# ARCH='amd64'; echo "$ARCH"
# sudo mkdir -p /usr/share/keyrings && sudo apt install curl lsb-release
# curl -fsSL https://pkg.cloudflareclient.com/pubkey.gpg | sudo gpg --yes --dearmor --output /usr/share/keyrings/cloudflare-warp-archive-keyring.gpg
# echo "deb [arch=$ARCH signed-by=/usr/share/keyrings/cloudflare-warp-archive-keyring.gpg] https://pkg.cloudflareclient.com/ $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/cloudflare-client.list
# sudo apt update && sudo apt install cloudflare-warp -y

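# Options given on the shebang line are lost when the script is started as
# `sh <script>`, so turn them on explicitly as well. Every rule below then
# aborts the run on failure instead of leaving a half-built ruleset unnoticed.
set -eu

# Fixed search path so every tool below resolves to a system binary,
# independent of the caller's environment.
# NOTE(review): this only finds warp-cli/tor where /bin and /sbin also cover
# /usr/bin and /usr/sbin (merged-/usr layout) — confirm on the target system.
PATH='/sbin:/bin'

# Required tools; the distinct exit codes tell the caller which group is missing.
type warp-cli systemctl || exit 1
type tor sysctl iptables ip6tables || exit 2

# Firewall, sysctl and /etc changes all need root.
if [ "$(id -u)" != "0" ]; then
  echo 'run as root.' >&2
  exit 3
fi

# Disable IPv6 in the running kernel. `sysctl -w` is not persistent: after a
# reboot the setting is gone unless the script is run again.
sysctl -w net.ipv6.conf.all.disable_ipv6=1 -w net.ipv6.conf.default.disable_ipv6=1 || exit 4

# Pick the first account name that exists on this system; it is used for the
# owner-match firewall rules and for the "User" line written to torrc.
TOR_UID=''
for tor_uid in tor toranon debian-tor; do
  if id "$tor_uid"; then
    TOR_UID="$tor_uid"
    break
  fi
done
if [ -z "$TOR_UID" ]; then
  echo 'TOR_UID is not found.' >&2
  exit 5
fi

# Destination range that is allowed to bypass Tor (see the Cloudflare IP list
# referenced in the file header).
WARP_IP='162.158.0.0/15'
# Special-purpose IPv4 ranges (loopback, private, link-local, multicast,
# documentation, ...). They are never redirected into Tor and, apart from the
# explicit loopback exceptions, are dropped on output.
RESERVED_IP='255.255.255.255/32 240.0.0.0/4 233.252.0.0/24 224.0.0.0/4 203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24 192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8 100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'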

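# IPv6 filter table: drop everything in all three chains.
# The DROP policies are set before the flush so there is no moment with empty
# chains and an ACCEPT policy, and so a run that aborts part-way fails closed.
for chain in INPUT FORWARD OUTPUT; do
  ip6tables -P "$chain" DROP
done
ip6tables -F
# Explicit DROP rules in addition to the policy give per-chain packet counters
# in the listing below.
for chain in INPUT FORWARD OUTPUT; do
  ip6tables -A "$chain" -j DROP
done
ip6tables -nvL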

# nat/OUTPUT: decide which locally generated packets are redirected into Tor.
# Rules are evaluated top to bottom and the first match wins, so the order
# below is significant.
nat_out() {
  iptables -t nat -A OUTPUT "$@"
}

iptables -t nat -F

# Packets containing the bytes 21 12 a4 42 (the STUN magic cookie, RFC 5389)
# are left un-NATed here; the filter table drops them.
nat_out -m string --hex-string '|2112a442|' --algo bm -j RETURN

# All UDP DNS queries go to the local port 9053 (Tor's DNSPort in torrc).
nat_out -p udp --dport 53 -j REDIRECT --to-port 9053

# 10.192.0.0/10 is the VirtualAddrNetworkIPv4 range written to torrc. This
# rule must come before the reserved-range RETURNs, because 10.0.0.0/8 in
# RESERVED_IP would otherwise match these addresses first.
nat_out -p tcp -d 10.192.0.0/10 -m multiport --dports 80,443 --syn -j REDIRECT --to-port 9040

# Never redirect: Tor's own traffic, the WARP range, loopback.
nat_out -m owner --uid-owner "$TOR_UID" -j RETURN
nat_out -d "$WARP_IP" -j RETURN
nat_out -o lo -j RETURN

# Never redirect special-purpose ranges. Word splitting of the
# space-separated list is intentional.
# shellcheck disable=SC2086
for net in $RESERVED_IP; do
  nat_out -d "$net" -j RETURN
done

# Everything else on TCP 80/443 is sent to the local port 9040 (Tor's
# TransPort in torrc). Other ports are not redirected at all.
nat_out -p tcp -m multiport --dports 80,443 --syn -j REDIRECT --to-port 9040

iptables -t nat -nvL

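# IPv4 filter table: default-deny in every chain, with a short allow-list on
# OUTPUT. The DROP policies are set before the flush so there is no window in
# which the chains are empty under an ACCEPT policy (traffic would leave
# un-proxied), and so a run that aborts part-way fails closed.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -F

# INPUT: replies to connections this host opened, plus loopback.
iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -j DROP

# FORWARD: this host does not route for others.
iptables -A FORWARD -j DROP

# OUTPUT. Packets containing the bytes 21 12 a4 42 (the STUN magic cookie,
# RFC 5389) are dropped first, before any ACCEPT rule can match them.
iptables -A OUTPUT -m string --hex-string '|2112a442|' --algo bm -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT

# New connections to the local proxy listeners. nat/OUTPUT runs before
# filter/OUTPUT, so redirected packets already carry their rewritten
# destination when they reach these rules.
#   9053 DNSPort, 9040 TransPort, 9050 SocksPort (torrc); 1080 WARP proxy.
iptables -A OUTPUT -p udp -d 127.0.0.1 --dport 9053 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9040 --syn -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 9050 --syn -m state --state NEW -j ACCEPT
iptables -A OUTPUT -p tcp -d 127.0.0.1 --dport 1080 --syn -m state --state NEW -j ACCEPT

# The Tor account may open TCP 443 only, matching "ReachableAddresses *:443"
# in torrc.
iptables -A OUTPUT -p tcp --dport 443 --syn -m owner --uid-owner "$TOR_UID" -m state --state NEW -j ACCEPT

# NOTE(review): this accepts new connections to the whole WARP_IP range from
# any local user, on any protocol and port, and nat/OUTPUT does not redirect
# that range. Anything hosted inside it is therefore reached directly, outside
# Tor, with the host's real source address. Confirm this is intended, or
# narrow the rule to the ports/endpoints warp-svc actually needs.
iptables -A OUTPUT -d "$WARP_IP" -m state --state NEW -j ACCEPT

iptables -A OUTPUT -o lo -d 127.0.0.1 -j ACCEPT

# Special-purpose ranges are dropped explicitly. Word splitting of the
# space-separated list is intentional.
# shellcheck disable=SC2086
for reserved_ip in $RESERVED_IP; do
  iptables -A OUTPUT -d "$reserved_ip" -j DROP
done

# Anything not allowed above is dropped; the explicit rule gives a counter in
# the listing below.
iptables -A OUTPUT -j DROP
iptables -nvL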

# Write the Tor configuration and print it for review.
# NOTE(review): this replaces any existing /etc/tor/torrc without keeping a
# copy — back it up first if the previous settings matter.
#
# The listener ports (DNSPort 9053, TransPort 9040, SocksPort 9050) and
# VirtualAddrNetworkIPv4 10.192.0.0/10 must stay in sync with the iptables
# rules in this script, and "ReachableAddresses *:443" with the rule that
# lets the Tor account open TCP 443 only.
# The here-document delimiter is unquoted on purpose so $TOR_UID is expanded.
cat > /etc/tor/torrc <<EOF
NewCircuitPeriod 30
MaxCircuitDirtiness 30

FascistFirewall 1
ReachableAddresses *:443

User $TOR_UID
DataDirectory /var/lib/tor

DNSPort 9053
TransPort 9040
SocksPort 9050
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion
VirtualAddrNetworkIPv4 10.192.0.0/10
EOF
cat /etc/tor/torrc

# Put WARP into local proxy mode on port 1080 (the port the filter table
# allows on 127.0.0.1) and connect.
# A failed registration is ignored on purpose — presumably because the client
# is already registered on repeat runs; confirm.
warp-cli registration new || true
warp-cli mode proxy
warp-cli proxy port 1080
warp-cli connect

# Point the system time zone at UTC, then print the raw zone file contents.
ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
cat /etc/localtime

# Restart both services so the new torrc and WARP settings take effect.
systemctl restart tor warp-svc