From 6ed81736214fba2654cdbaa3879be0daa5a7e065 Mon Sep 17 00:00:00 2001
From: GouveaHeitor
Date: Mon, 16 Dec 2019 07:41:44 -0300
Subject: [PATCH 1/7] Create FUNDING.yml
---
 .github/FUNDING.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/FUNDING.yml
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
new file mode 100644
index 0000000..d2e7dbf
--- /dev/null
+++ b/.github/FUNDING.yml
@@ -0,0 +1,12 @@
+# These are supported funding model platforms
+
+github: GouveaHeitor
+patreon: # Replace with a single Patreon username
+open_collective: # Replace with a single Open Collective username
+ko_fi: # Replace with a single Ko-fi username
+tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
+community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
+liberapay: # Replace with a single Liberapay username
+issuehunt: # Replace with a single IssueHunt username
+otechie: # Replace with a single Otechie username
+custom: # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
From 140a4c524c73a9a853aef7f7790ecaa607d05886 Mon Sep 17 00:00:00 2001
From: GouveaHeitor
Date: Mon, 16 Dec 2019 07:42:49 -0300
Subject: [PATCH 2/7] Update FUNDING.yml
---
 .github/FUNDING.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml
index d2e7dbf..d14ce76 100644
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,6 +1,6 @@
 # These are supported funding model platforms
-github: GouveaHeitor
+github: #GouveaHeitor
 patreon: # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
 ko_fi: # Replace with a single Ko-fi username
From e925459b1ab5df514cb2adff0273340db75f45bb Mon Sep 17 00:00:00 2001
From: GouveaHeitor
Date: Mon, 23 Dec 2019 18:29:54 -0300
Subject: [PATCH 3/7] Update blank.yml
---
 .github/workflows/blank.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/blank.yml b/.github/workflows/blank.yml
index 0c3a49b..2ada561 100644
--- a/.github/workflows/blank.yml
+++ b/.github/workflows/blank.yml
@@ -9,10 +9,10 @@ jobs:
 steps:
 - uses: actions/checkout@v1
- - name: Run a multi-line script
+ - name: Installing dependencies and verify Nipe Status
 run: |
 sudo apt install -y tor iptables perl
 sudo cpan install Switch JSON LWP::UserAgent Config::Simple
 sudo cp .configs/debian-torrc /etc/tor/torrc
 sudo chmod 644 /etc/tor/torrc
- perl nipe.pl status
\ No newline at end of file
+ perl nipe.pl status
From 5d46c89b3be071f8c9ea595cff39f12ba6abd31e Mon Sep 17 00:00:00 2001
From: GouveaHeitor
Date: Wed, 1 Jan 2020 13:31:20 -0300
Subject: [PATCH 4/7] update year of license
---
 LICENSE.md | 2 +-
 lib/Nipe/Functions.pm | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/LICENSE.md b/LICENSE.md
index 089db42..d56d7c6 100644
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -2,7 +2,7 @@ License
 ==============
 The MIT License (MIT)
-Copyright (c) 2015 - 2019 Heitor Gouvêa
+Copyright (c) 2015 - 2020 | Heitor Gouvêa
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
diff --git a/lib/Nipe/Functions.pm b/lib/Nipe/Functions.pm
index 6f2cc5f..5abd0fe 100644
--- a/lib/Nipe/Functions.pm
+++ b/lib/Nipe/Functions.pm
@@ -16,7 +16,7 @@ sub help {
 \r\trestart Restart the Nipe process
 \r\tstatus See status
- \rCopyright (c) 2015 - 2019 Heitor Gouvêa\n\n";
+ \rCopyright (c) 2015 - 2020 | Heitor Gouvêa\n\n";
 return true;
 }
From bfb756d8aa13c94d8a137b9ba763d95917b5ac2a Mon Sep 17 00:00:00 2001
From: GouveaHeitor
Date: Tue, 14 Jan 2020 07:13:27 -0300
Subject: [PATCH 5/7] add sudo command on instructions to install dependencies
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 2e54efb..86cf4ab 100644
--- a/README.md
+++ b/README.md
@@ -40,7 +40,7 @@ $ cd nipe
 # Install libs and dependencies
- $ cpan install Switch JSON LWP::UserAgent Config::Simple
+ $ sudo cpan install Switch JSON LWP::UserAgent Config::Simple
 $ perl nipe.pl install
 ```
From 29da718274300c3a8b0175f7f72aa06f96e8fa91 Mon Sep 17 00:00:00 2001
From: pest
Date: Thu, 20 Feb 2020 00:57:30 +0700
Subject: [PATCH 6/7] checking for exists /etc/tor/torrc & rename if exist
---
 lib/Nipe/Functions.pm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/Nipe/Functions.pm b/lib/Nipe/Functions.pm
index 4c4cbb1..18f12cf 100644
--- a/lib/Nipe/Functions.pm
+++ b/lib/Nipe/Functions.pm
@@ -26,6 +26,10 @@ sub install {
 system ("sudo mkdir -p /etc/tor");
+ if ( -e "/etc/tor/torrc") {
+ system ("sudo mv /etc/tor/torrc /etc/tor/torrc.bak")
+ }
+
 if ($operationalSystem eq "debian") {
 system ("sudo apt-get install tor iptables");
 system ("sudo cp .configs/debian-torrc /etc/tor/torrc");
@@ -59,4 +63,4 @@ sub install {
 return true;
 }
-1;
\ No newline at end of file
+1;
From 9b6e7c6ca04b5f3f851c0be5532be7c3f1574a95 Mon Sep 17 00:00:00 2001
From: pest
Date: Fri, 21 Feb 2020 00:04:48 +0700
Subject: [PATCH 7/7] few changes. experement iptables-save-restore
---
 before_run.iptables | 15 ++++++++
 iptables_tor_rules.iptables | 37 ++++++++++++++++++
 lib/Nipe/Start.pm | 75 +++++++++++++++++++------------------
 lib/Nipe/Stop.pm | 11 +++--
 4 files changed, 97 insertions(+), 41 deletions(-)
 create mode 100644 before_run.iptables
 create mode 100644 iptables_tor_rules.iptables
diff --git a/before_run.iptables b/before_run.iptables
new file mode 100644
index 0000000..2ae1486
--- /dev/null
+++ b/before_run.iptables
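Review bot: The backup added ahead of `if ($operationalSystem eq "debian")` moves `/etc/tor/torrc` to the fixed name `torrc.bak`, so a second `install` overwrites that backup with the torrc nipe itself wrote on the first run and the user's original configuration is lost; the exit status of `system` is also discarded, so a failed `mv` is silently followed by the `cp` that overwrites the file anyway. Consider `system ("sudo", "mv", "/etc/tor/torrc", "/etc/tor/torrc.bak." . time) == 0 or die "could not back up /etc/tor/torrc: $?";` — list-form `system` avoids the shell and a timestamped name keeps every backup. The `system (...)` line inside the new block also lacks its terminating `;`, which Perl tolerates only because it is the last statement in the block. `-e` is evaluated by the nipe process itself rather than through sudo and does not see a dangling symlink; `-e || -l` would. `sub install` starts and ends outside the hunk.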
@@ -0,0 +1,15 @@
+# Generated by iptables-save v1.8.3 on Thu Feb 20 23:59:42 2020
+*filter
+:INPUT ACCEPT [203:28011]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [269:23054]
+COMMIT
+# Completed on Thu Feb 20 23:59:42 2020
+# Generated by iptables-save v1.8.3 on Thu Feb 20 23:59:42 2020
+*nat
+:PREROUTING ACCEPT [0:0]
+:INPUT ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+COMMIT
+# Completed on Thu Feb 20 23:59:42 2020
diff --git a/iptables_tor_rules.iptables b/iptables_tor_rules.iptables
new file mode 100644
index 0000000..2e0da49
--- /dev/null
+++ b/iptables_tor_rules.iptables
@@ -0,0 +1,37 @@
+# Generated by iptables-save v1.8.3 on Thu Feb 20 23:46:03 2020
+*filter
+:INPUT ACCEPT [361:48646]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+-A OUTPUT -m state --state ESTABLISHED -j ACCEPT
+-A OUTPUT -m owner --uid-owner 124 -j ACCEPT
+-A OUTPUT -p udp -m udp --dport 9061 -j ACCEPT
+-A OUTPUT -p tcp -m tcp --dport 9061 -j ACCEPT
+-A OUTPUT -d 10.66.0.0/16 -p tcp -j ACCEPT
+-A OUTPUT -d 127.0.0.0/8 -j ACCEPT
+-A OUTPUT -d 192.168.0.0/16 -j ACCEPT
+-A OUTPUT -d 172.16.0.0/12 -j ACCEPT
+-A OUTPUT -d 10.0.0.0/8 -j ACCEPT
+-A OUTPUT -p tcp -j ACCEPT
+-A OUTPUT -p udp -j REJECT --reject-with icmp-port-unreachable
+-A OUTPUT -p icmp -j REJECT --reject-with icmp-port-unreachable
+COMMIT
+# Completed on Thu Feb 20 23:46:03 2020
+# Generated by iptables-save v1.8.3 on Thu Feb 20 23:46:03 2020
+*nat
+:PREROUTING ACCEPT [2:1064]
+:INPUT ACCEPT [2:1064]
+:OUTPUT ACCEPT [7:5851]
+:POSTROUTING ACCEPT [85:7114]
+-A OUTPUT -m state --state ESTABLISHED -j RETURN
+-A OUTPUT -m owner --uid-owner 124 -j RETURN
+-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 9061
+-A OUTPUT -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 9061
+-A OUTPUT -d 10.66.0.0/16 -p tcp -j REDIRECT --to-ports 9051
+-A OUTPUT -d 127.0.0.0/8 -j RETURN
+-A OUTPUT -d 192.168.0.0/16 -j RETURN
+-A OUTPUT -d 172.16.0.0/12 -j RETURN
+-A OUTPUT -d 10.0.0.0/8 -j RETURN
+-A OUTPUT -p tcp -j REDIRECT --to-ports 9051
+COMMIT
+# Completed on Thu Feb 20 23:46:03 2020
diff --git a/lib/Nipe/Start.pm b/lib/Nipe/Start.pm
index b7133c5..647060d 100644
--- a/lib/Nipe/Start.pm
+++ b/lib/Nipe/Start.pm
@@ -7,7 +7,7 @@ use Nipe::Device;
 sub new {
 my $dnsPort = "9061";
 my $transferPort = "9051";
- my @table = ("nat", "filter");
+ # my @table = ("nat", "filter");
 my $network = "10.66.0.0/255.255.0.0";
 my $username = Nipe::Device -> getUsername();
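Review bot: `-A OUTPUT -m owner --uid-owner 124 -j ACCEPT` (and its `-j RETURN` twin in `*nat`) hard-codes the numeric uid of the tor user on the machine where this file was captured, whereas the Perl it replaces built that rule from `Nipe::Device -> getUsername()`; on a host where tor runs under another uid, tor's own outbound connections no longer match the owner rule and are redirected back to port 9051, while whatever local account happens to hold uid 124 bypasses tor entirely. The owner rule therefore cannot live in a static checked-in file: either keep generating it from `$username` at runtime or template the file before it is fed to `iptables-restore`. The same applies to `10.66.0.0/16` and the two ports, which were `$network`, `$dnsPort` and `$transferPort` in Start.pm. In the Start.pm hunk at `@@ -7,7 +7,7 @@`, those four variables are now dead together with the commented-out `@table`; if the static file stays, delete them rather than leaving them assigned and unread.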
@@ -19,54 +19,57 @@ sub new {
 else {
 system ("sudo systemctl start tor");
 }
-
- foreach my $table (@table) {
- my $target = "ACCEPT";
- if ($table eq "nat") {
- $target = "RETURN";
- }
+ system ("sudo iptables-save > before_run.iptables");
+ system ("sudo iptables-restore < iptables_tor_rules.iptables");
+
+ # foreach my $table (@table) {
+ # my $target = "ACCEPT";
- system ("sudo iptables -t $table -F OUTPUT");
- system ("sudo iptables -t $table -A OUTPUT -m state --state ESTABLISHED -j $target");
- system ("sudo iptables -t $table -A OUTPUT -m owner --uid $username -j $target");
+ # if ($table eq "nat") {
+ # $target = "RETURN";
+ # }
- my $matchDnsPort = $dnsPort;
+ # system ("sudo iptables -t $table -F OUTPUT");
+ # system ("sudo iptables -t $table -A OUTPUT -m state --state ESTABLISHED -j $target");
+ # system ("sudo iptables -t $table -A OUTPUT -m owner --uid $username -j $target");
- if ($table eq "nat") {
- $target = "REDIRECT --to-ports $dnsPort";
- $matchDnsPort = "53";
- }
+ # my $matchDnsPort = $dnsPort;
- system ("sudo iptables -t $table -A OUTPUT -p udp --dport $matchDnsPort -j $target");
- system ("sudo iptables -t $table -A OUTPUT -p tcp --dport $matchDnsPort -j $target");
+ # if ($table eq "nat") {
+ # $target = "REDIRECT --to-ports $dnsPort";
+ # $matchDnsPort = "53";
+ # }
- if ($table eq "nat") {
- $target = "REDIRECT --to-ports $transferPort";
- }
+ # system ("sudo iptables -t $table -A OUTPUT -p udp --dport $matchDnsPort -j $target");
+ # system ("sudo iptables -t $table -A OUTPUT -p tcp --dport $matchDnsPort -j $target");
- system ("sudo iptables -t $table -A OUTPUT -d $network -p tcp -j $target");
+ # if ($table eq "nat") {
+ # $target = "REDIRECT --to-ports $transferPort";
+ # }
- if ($table eq "nat") {
- $target = "RETURN";
- }
+ # system ("sudo iptables -t $table -A OUTPUT -d $network -p tcp -j $target");
- system ("sudo iptables -t $table -A OUTPUT -d 127.0.0.1/8 -j $target");
- system ("sudo iptables -t $table -A OUTPUT -d 192.168.0.0/16 -j $target");
- system ("sudo iptables -t $table -A OUTPUT -d 172.16.0.0/12 -j $target");
- system ("sudo iptables -t $table -A OUTPUT -d 10.0.0.0/8 -j $target");
+ # if ($table eq "nat") {
+ # $target = "RETURN";
+ # }
- if ($table eq "nat") {
- $target = "REDIRECT --to-ports $transferPort";
- }
+ # system ("sudo iptables -t $table -A OUTPUT -d 127.0.0.1/8 -j $target");
+ # system ("sudo iptables -t $table -A OUTPUT -d 192.168.0.0/16 -j $target");
+ # system ("sudo iptables -t $table -A OUTPUT -d 172.16.0.0/12 -j $target");
+ # system ("sudo iptables -t $table -A OUTPUT -d 10.0.0.0/8 -j $target");
- system ("sudo iptables -t $table -A OUTPUT -p tcp -j $target");
- }
+ # if ($table eq "nat") {
+ # $target = "REDIRECT --to-ports $transferPort";
+ # }
+
+ # system ("sudo iptables -t $table -A OUTPUT -p tcp -j $target");
+ # }
- system ("sudo iptables -t filter -A OUTPUT -p udp -j REJECT");
- system ("sudo iptables -t filter -A OUTPUT -p icmp -j REJECT");
+ # system ("sudo iptables -t filter -A OUTPUT -p udp -j REJECT");
+ # system ("sudo iptables -t filter -A OUTPUT -p icmp -j REJECT");
 return true;
 }
-1;
\ No newline at end of file
+1;
diff --git a/lib/Nipe/Stop.pm b/lib/Nipe/Stop.pm
index d86a985..3e7cc00 100644
--- a/lib/Nipe/Stop.pm
+++ b/lib/Nipe/Stop.pm
@@ -5,10 +5,11 @@ package Nipe::Stop;
 sub new {
 my @table = ("nat", "filter");
- foreach my $table (@table) {
- system ("sudo iptables -t $table -F OUTPUT");
- system ("sudo iptables -t $table -F OUTPUT");
- }
+ # foreach my $table (@table) {
+ # system ("sudo iptables -t $table -F OUTPUT");
+ # system ("sudo iptables -t $table -F OUTPUT");
+ # }
+ system ("sudo iptables-restore < before_run.iptables");
 if (-e "/etc/init.d/tor") {
 system ("sudo /etc/init.d/tor stop > /dev/null");
@@ -21,4 +22,4 @@ sub new {
 return true;
 }
-1;
\ No newline at end of file
+1;
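Review bot: `system ("sudo iptables-save > before_run.iptables")` overwrites the snapshot on every `start`, so running `start` twice without a `stop` in between records the tor rules themselves as the "before" state and `stop` can then never restore the host's original policy; saving only when no snapshot exists, `system ("sudo iptables-save > before_run.iptables") unless -e "before_run.iptables";`, keeps the first capture. `iptables-restore` without `--noflush` also replaces every table named in the file, so the `*filter` and `*nat` sections of `iptables_tor_rules.iptables` discard whatever INPUT and FORWARD rules the host already had, where the removed loop only flushed OUTPUT. Both file paths are relative, so the result depends on the directory nipe.pl is launched from, and the exit status of each `system` is discarded, so a failed save or restore is still followed by `return true`. The roughly sixty commented-out lines should be deleted rather than kept as `#` lines; git history preserves them. `sub new` starts outside the hunk.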
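Review bot: `system ("sudo iptables-restore < before_run.iptables")` runs without checking that a snapshot exists: when `stop` is run from another directory or before any `start`, the redirection fails and the tor rules stay in place, and inside the checkout the `before_run.iptables` committed in this series (captured on the author's machine, empty chains with ACCEPT policies) would be loaded in place of the real pre-start state. Guard it and check the status: `if (-e "before_run.iptables") {` / `system ("sudo iptables-restore < before_run.iptables") == 0 or warn "iptables-restore failed: $?";` / `}`. For the same reason `before_run.iptables` should be generated at runtime only and not committed. `my @table = ("nat", "filter");` is now unused and can go together with the commented-out loop. `sub new` continues past the hunk.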