$IPTABLES -t nat -F || exit
# Transproxy rules for Tor
-$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
+$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit
$IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit
# Allow Tor, _apt, root and the network user
-$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
-$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
-$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
-$IPTABLES -A OUTPUT -j DROP || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit
+$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit
+$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit
+$IPTABLES -A OUTPUT -j DROP || exit
# Allow SSH
$IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit
# Parameters
SHARE="$1"
+# Additional parameters
+ARCH="`uname -m`"
+
# Include basic functions
. $SHARE/trashman/functions || exit 1
. $SHARE/trashman/debian || exit 1
# Ensure only the local DNS resolver is used (Tor)
# Some systems need this additional configuration so the DNS returned by the
# DHCP server is NOT used
-#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
-#allow-hotplug ens3
-#iface ens3 inet dhcp
-# post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
-#EOF
+cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null
+allow-hotplug ens3
+iface ens3 inet dhcp
+ post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf
+EOF
# Tor config
cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc
# Tor Browser config to use the system-installed tor daemon
# Use this to configure your regular user account
# See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ
-#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then
+#
+# Tor Browser path depends on wheter it's installed using hoarder or using
+# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher
+# (also at https://tracker.debian.org/torbrowser-launcher).
+#
+#TB="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser"
+#TB="$HOME/.local/share/tor-browser/$ARCH/latest/Browser"
+#if [ -e "$TB" ]; then
# # Force about:config preferences
-# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js
+# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TB/TorBrowser/Data/Browser/profile.default/user.js
#
# # Hard code control port password into the start-tor-browser script
# sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \
-# $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser
+# $TB/start-tor-browser
#fi
projects / trashman.git / commitdiff