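#!/bin/sh
# Jayanta / 2025-12-26 / The Unlicense / no warranty / use at your own risk
# 1. Do not use this for illicit purposes.
# 2. Use it responsibly and stay considerate of others.
# 3. Remember that those who hold power are asked for self-restraint rather
#    than freedom.
# https://www.cloudflare.com/ips/
# https://pkg.cloudflareclient.com/
# https://github.com/cloudflare/cloudflared/releases/
# sudo apt purge avahi-daemon && sudo apt autoremove --purge
#
# Purpose: put the host's IPv4 firewall into default-deny, transparently
# redirect outbound TCP 80/443 to Tor's TransPort, resolve names through a
# local dnsmasq (.onion -> Tor DNSPort, everything else -> a local cloudflared
# DoH proxy), and run Cloudflare WARP in local proxy mode on port 1080.
#
# Overwrites without backup: /etc/resolv.conf, /etc/tor/torrc,
# /etc/dnsmasq.conf, /etc/localtime. Flushes the iptables nat and filter
# tables.
#
# Exit status: 1 not root, 2 required command missing, 3 dnsmasq config
# missing, 4 Tor account missing, 5 useradd failed, 6 sysctl failed,
# 7 default-deny policy could not be applied.
#
# NOTE(review): IPv6 is only switched off through sysctl below; no ip6tables
# policy is installed, so nothing here filters IPv6 if those sysctls are later
# reverted.

PATH='/usr/sbin:/usr/bin'

# Print a message on stderr and exit with the given status.
die() {
  die_status=$1
  shift
  printf '%s\n' "$*" >&2
  exit "$die_status"
}

# ---- Preconditions ---------------------------------------------------------

# Written as "-eq 0 || die" so that an empty or failed `id -u` also stops the
# script instead of falling through to the firewall changes.
[ "$(id -u)" -eq 0 ] || die 1 'ERROR: must be run as root.'
type warp-cli cloudflared tor iptables || die 2 'ERROR: required command missing.'
[ -f /etc/dnsmasq.conf ] || die 3 'dnsmasq not found'

# Account Tor runs as; it is the only account allowed to open direct
# connections (TCP 443) in the filter rules below.
TOR_UID='debian-tor'
id "$TOR_UID" || die 4 'CHANGE: TOR_UID= tor, toranon, debian-tor.'

# Unprivileged, shell-less account for the cloudflared DNS proxy; created on
# first run.
DNS_UID='cloudflared'
id "$DNS_UID" \
  || useradd --system --no-create-home --shell /usr/sbin/nologin "$DNS_UID" \
  || die 5 'ERROR: USERADD.'

# ---- Kernel settings -------------------------------------------------------

sysctl \
  -w net.core.default_qdisc=fq \
  -w net.ipv4.tcp_no_metrics_save=1 \
  -w net.ipv4.tcp_congestion_control=bbr \
  -w net.ipv4.icmp_echo_ignore_all=1 \
  -w net.ipv6.conf.all.disable_ipv6=1 \
  -w net.ipv6.conf.default.disable_ipv6=1 \
  || die 6 'ERROR: SYSCTL.'

# ---- Addresses -------------------------------------------------------------

# DoH upstream used by cloudflared.
DNS_IP='94.140.14.15'
# NOTE(review): presumably the WARP endpoint range; verify against the
# Cloudflare references at the top of this file.
WARP_IP='162.158.0.0/15'
# Special-purpose / private IPv4 ranges that must never be sent into Tor.
# Split on whitespace by the for-loop below.
RESERVED_IP='255.255.255.255/32 240.0.0.0/4 233.252.0.0/24 224.0.0.0/4
203.0.113.0/24 198.51.100.0/24 198.18.0.0/15 192.168.0.0/16 192.88.99.0/24
192.0.2.0/24 192.0.0.0/24 172.16.0.0/12 169.254.0.0/16 127.0.0.0/8
100.64.0.0/10 10.0.0.0/8 0.0.0.0/8'

# ---- nat table: transparent redirect to Tor --------------------------------
# Rule order matters: first match wins.

iptables -t nat -F
# Tor's automapped .onion range (VirtualAddrNetworkIPv4 in torrc). Must come
# before the 10.0.0.0/8 RETURN added by the reserved-range loop.
iptables -t nat -A OUTPUT -p tcp -d 10.192.0.0/10 -m multiport --dports 80,443 --syn -j REDIRECT --to-port 9040
# Tor's own traffic must not be looped back into Tor.
iptables -t nat -A OUTPUT -m owner --uid-owner "$TOR_UID" -j RETURN
# NOTE(review): this exemption (and the matching filter ACCEPT below) is by
# destination only, not by process owner, so any local process can reach
# $WARP_IP without passing through Tor. Confirm that is intended.
iptables -t nat -A OUTPUT -d "$WARP_IP" -j RETURN
iptables -t nat -A OUTPUT -d 127.0.0.1 -j RETURN
iptables -t nat -A OUTPUT -o lo -j RETURN
for reserved_ip in $RESERVED_IP; do
  iptables -t nat -A OUTPUT -d "$reserved_ip" -j RETURN
done
# Catch-all: every remaining new TCP connection to 80/443 goes to TransPort.
# The cloudflared account is not exempted above, so its DoH connection to
# $DNS_IP:443 is redirected here as well.
iptables -t nat -A OUTPUT -p tcp -m multiport --dports 80,443 --syn -j REDIRECT --to-port 9040
iptables -t nat -nvL

# ---- filter table: default deny --------------------------------------------

iptables -F
# The DROP policies are what keeps unredirected traffic from leaving the host,
# so a failure here is fatal rather than silently ignored. All three are
# attempted before giving up.
policy_ok=1
for chain in INPUT FORWARD OUTPUT; do
  iptables -P "$chain" DROP || policy_ok=0
done
[ "$policy_ok" -eq 1 ] || die 7 'ERROR: IPTABLES POLICY.'

iptables -A INPUT -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT

# Listed before the ESTABLISHED accept so it applies to every packet from the
# DNS proxy account: anything it sends that is not addressed to 127.0.0.1 is
# dropped.
iptables -A OUTPUT ! -d 127.0.0.1 -m owner --uid-owner "$DNS_UID" -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state ESTABLISHED -j ACCEPT
# Tor may open new connections to TCP 443 only (see ReachableAddresses in
# torrc).
iptables -A OUTPUT -p tcp --dport 443 --syn -m owner --uid-owner "$TOR_UID" -m state --state NEW -j ACCEPT
iptables -A OUTPUT -d "$WARP_IP" -m state --state NEW -j ACCEPT
iptables -A OUTPUT -d 127.0.0.1 -m state --state NEW -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -nvL

# ---- Resolver --------------------------------------------------------------

# All lookups go to the local dnsmasq.
# NOTE(review): a DHCP client or resolver manager may rewrite this file later;
# re-check it after network changes. Queries to any resolver outside loopback
# or $WARP_IP fall under the OUTPUT DROP policy above.
printf '%s\n' 'nameserver 127.0.0.1' > /etc/resolv.conf
cat /etc/resolv.conf

# ---- Tor -------------------------------------------------------------------

# Ports here must stay in sync with the firewall (TransPort 9040) and with
# dnsmasq (DNSPort 9053). $TOR_UID is expanded by the shell.
cat > /etc/tor/torrc <<EOF
NewCircuitPeriod 30
MaxCircuitDirtiness 30

FascistFirewall 1
ReachableAddresses *:443

User $TOR_UID
DataDirectory /var/lib/tor

DNSPort 9053
TransPort 9040
SocksPort 9050
AutomapHostsOnResolve 1
AutomapHostsSuffixes .onion
VirtualAddrNetworkIPv4 10.192.0.0/10
EOF
cat /etc/tor/torrc
# With default-deny in place a dead Tor means no web connectivity, so say so.
service tor restart || printf '%s\n' 'WARNING: tor restart failed.' >&2

# ---- dnsmasq ---------------------------------------------------------------

# .onion names go to Tor's DNSPort; everything else goes to the cloudflared
# proxy on 5300. no-resolv keeps dnsmasq from reading upstreams out of
# /etc/resolv.conf, which now points back at dnsmasq itself.
cat > /etc/dnsmasq.conf <<'EOF'
server=/onion/127.0.0.1#9053
server=127.0.0.1#5300
cache-size=1000
no-resolv
listen-address=127.0.0.1
bind-interfaces
EOF
cat /etc/dnsmasq.conf
service dnsmasq restart || printf '%s\n' 'WARNING: dnsmasq restart failed.' >&2

# ---- Time zone -------------------------------------------------------------

ln -sf /usr/share/zoneinfo/Etc/UTC /etc/localtime
# Show the link target; the zone file itself is binary, so it is not printed.
ls -l /etc/localtime

# ---- cloudflared DNS proxy -------------------------------------------------

# Stop any previous instance (pkill returns non-zero when none is running),
# then start a new one in the background as the unprivileged DNS account.
# NOTE(review): confirm the installed cloudflared release still provides the
# proxy-dns subcommand; without a listener on 5300 every non-.onion lookup
# fails, because dnsmasq has no other upstream.
pkill -u "$DNS_UID" -x cloudflared
runuser -u "$DNS_UID" -- sh -c "cloudflared proxy-dns --address 127.0.0.1 --port 5300 --upstream https://$DNS_IP/dns-query &"

# ---- Cloudflare WARP -------------------------------------------------------

# Register only when no registration exists yet, then expose WARP as a local
# proxy on port 1080. Applications using that proxy leave through WARP, not
# through Tor.
warp-cli registration show | grep -i 'account type' || warp-cli registration new
warp-cli mode proxy
warp-cli proxy port 1080
warp-cli connect
service warp-svc restart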