void/scripts/torwall

#!/bin/bash
# tor firewall script - developed by acidvegas (https://git.acid.vegas/void)

# All traffic is routed through Tor.
# printf "DNSPort 53\nTransPort 9040\nSocksPort 9050\nControlPort 9051\n" > /etc/tor/torrc


start_tor() {
    iptables -t nat -A OUTPUT -o lo -j RETURN
    iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040
    iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
    iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 9053
    iptables -A OUTPUT ! -o lo ! -d 127.0.0.1/8 ! -p tcp -j DROP
	echo "repository=http://lysator7eknrfl47rlyxvgeamrv7ucefgrrlhk7rouv3sna25asetwid.onion/pub/voidlinux/current/musl" > /etc/xbps.d/00-repository-main.conf
	echo "nameserver 127.0.0.1" > /etc/resolv.conf && chattr +i /etc/resolv.conf
	export SOCKS_PROXY="socks5://127.0.0.1:9050"
    echo "All traffic is now routed through Tor."
}

new_tor() {
	iptables -F
	iptables -t nat -F

	# Allow local-only connections
	iptables -A OUTPUT -o lo -j ACCEPT

	# Allow the tor process to establish connections
	iptables -A OUTPUT -m owner --uid-owner $(id -u debian-tor) -j ACCEPT

	# Redirect all non-local TCP connections to Tor's TransPort
	iptables -t nat -A OUTPUT -p tcp --syn -j REDIRECT --to-ports 9040

	# Redirect DNS queries to Tor's DNSPort
	iptables -t nat -A OUTPUT -p udp --dport 53 -j REDIRECT --to-ports 9053
	iptables -t nat -A OUTPUT -p tcp --dport 53 -j REDIRECT --to-ports 9053

	# Reject any other outbound traffic
	iptables -A OUTPUT -j REJECT
}

stop_tor() {
    iptables -F
    iptables -t nat -F
	echo "repository=https://repo-default.voidlinux.org/current/musl" > /etc/xbps.d/00-repository-main.conf
	echo "nameserver 1.1.1.1" > /etc/resolv.conf && chattr +i /etc/resolv.conf
	unset SOCKS_PROXY
    echo "Tor-only mode is now off."
}

if [[ $1 == "start" ]]; then
    start_tor
elif [[ $1 == "stop" ]]; then
    stop_tor
else
    echo "Usage: $0 [start|stop]"
fi