Do I Only Need to Run This Script File Once?
Do I need to only run this script file once? After that the docker torproxy container will be working as it is supposed to or do I need to run this every time I restart the computer?
#!/usr/bin/env bash
#===============================================================================
#          FILE: tor-route-all-traffic.sh
#
#         USAGE: ./tor-route-all-traffic.sh
#
#   DESCRIPTION: Route all traffic through a docker tor container
#
#       OPTIONS: ---
#  REQUIREMENTS: running tor docker container
#          BUGS: ---
#         NOTES: ---
#        AUTHOR: David Personette (dperson@gmail.com),
#  ORGANIZATION:
#       CREATED: 2015-07-06 05:59
#      REVISION: 0.1
#===============================================================================

set -euo pipefail                           # Treat unset variables as an error

# Most of this is from
# https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy

### set variables
# destinations you don't want routed through Tor
_non_tor="192.168.1.0/24 192.168.0.0/24"

### get the container tor runs in
# the last column of `docker ps` is the container name; stop at the first match
_tor_container=$(docker ps | awk '/torproxy/ {print $NF; exit}')
if [[ "$_tor_container" == "" ]]; then
    echo 'ERROR: you must start a tor proxy container first, IE:'
    echo '    docker run -d --net host --restart always dperson/torproxy'
    exit 1
fi

### get the UID that tor runs as
_tor_uid=$(docker exec "$_tor_container" id -u tor)

### Tor's TransPort
_trans_port="9040"
_dns_port="5353"

### flush iptables
iptables -F
iptables -t nat -F

### set iptables *nat to ignore tor user
iptables -t nat -A OUTPUT -m owner --uid-owner "$_tor_uid" -j RETURN

### redirect all DNS output to tor's DNSPort
iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports "$_dns_port"

### set iptables *filter
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

### allow clearnet access for hosts in $_non_tor
# $_non_tor is left unquoted on purpose so it splits into one network per word
for _clearnet in $_non_tor 127.0.0.0/8; do
    iptables -t nat -A OUTPUT -d "$_clearnet" -j RETURN
    iptables -A OUTPUT -d "$_clearnet" -j ACCEPT
done

### redirect all other output to tor's TransPort
iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports "$_trans_port"

### allow only tor output
iptables -A OUTPUT -m owner --uid-owner "$_tor_uid" -j ACCEPT
iptables -A OUTPUT -j REJECT
linux docker
asked Nov 28 '17 at 8:53
DrWongKC
Anyway, you will get less minus points if you include, well any information about that script. Like where did you get it, why do you use it and so on.
– Vlastimil
Nov 28 '17 at 9:12
1 Answer
accepted
The iptables settings don't automatically persist across reboots. So unless your Linux distribution has some other feature that saves the current iptables settings at shutdown and restores them after a reboot, yes you will need to re-run that script every time you restart your computer.
Of course, nobody said you have to do it manually.
You should probably look into adding this script into your system's start-up scripts. Details will vary by Linux distribution.
answered Nov 28 '17 at 9:17
telcoM
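A boot-time check for the point made in the answer, added here as an example and not part of the original post or of the script author's project: it inspects `iptables-save` output for the three key rules the script installs and re-runs the script only when they are missing. The script path, the function names, and both rule dumps (including tor UID 100) are assumptions constructed for illustration.

```shell
# Added example: decide at boot whether tor-route-all-traffic.sh must be re-run.
# TOR_SCRIPT is an assumed install path, not one given on the page.
TOR_SCRIPT="${TOR_SCRIPT:-/usr/local/sbin/tor-route-all-traffic.sh}"

# Reads iptables-save style text on stdin. Returns 0 only if the DNS redirect,
# the TransPort redirect and the final REJECT are all present.
tor_rules_loaded() {
    rules=$(cat)
    for pattern in \
        '-A OUTPUT -p udp .*--dport 53 .*-j REDIRECT --to-ports 5353' \
        '-A OUTPUT -p tcp .*-j REDIRECT --to-ports 9040' \
        '-A OUTPUT -j REJECT'
    do
        printf '%s\n' "$rules" | grep -q -e "$pattern" || return 1
    done
}

# Constructed sample: rule set right after a reboot (nothing restored).
sample_after_reboot() {
    cat <<'EOF'
*nat
COMMIT
*filter
COMMIT
EOF
}

# Constructed sample: rule set after the script has run (tor UID 100 assumed).
sample_after_script() {
    cat <<'EOF'
*nat
-A OUTPUT -m owner --uid-owner 100 -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner 100 -j ACCEPT
-A OUTPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Entry point for a start-up job: run as root with --apply.
if [ "${1:-}" = "--apply" ]; then
    iptables-save | tor_rules_loaded || "$TOR_SCRIPT"
fi
```

Because the script exits with an error when no torproxy container is running, the start-up job that calls this has to be ordered after Docker has brought the container up.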