paintballdude11

Prevent Leaks with Linux Iptables modified script


Found some code on here to prevent leaks in Linux using iptables and modified it; it's a little more user-friendly now. Feedback and/or any bug fixes/suggestions would be appreciated.

1) Copy and paste the code below into a file; name it anything with the file extension .sh.

i.e.: droppackets.sh

2) Open a terminal and type: chmod +x droppackets.sh

3) To run it, type in the terminal: sudo ./droppackets.sh eth vega

That's it.

#!/bin/bash
# bash is required (not plain sh): the ${var,,} lowercase expansion and
# "echo -e" used below are bash features.

lannameinput="$1"   # network interface family: eth or wlan
vpnnameinput="$2"   # VPN server name, matched case-insensitively

# Usage text shared by the "no server given" and "unknown server" errors
print_servers() {
    echo -e "Or: \tsudo $0 $lanname Aquarii\n\tsudo $0 $lanname Geminorum\n\tsudo $0 $lanname Omicron\n\tsudo $0 $lanname Tauri\n\tsudo $0 $lanname Bootis\n\tsudo $0 $lanname Cassiopeia\n\tsudo $0 $lanname Herculis\n\tsudo $0 $lanname Castor\n\tsudo $0 $lanname Leonis\n\tsudo $0 $lanname Leporis\n\tsudo $0 $lanname Lyra\n\tsudo $0 $lanname Orionis\n\tsudo $0 $lanname Serpentis\n\tsudo $0 $lanname Arietis\n\tsudo $0 $lanname Librae\n\tsudo $0 $lanname Sirius\n\tsudo $0 $lanname Vega"
}

### network interface (first argument) ###
if [ -z "$lannameinput" ] ; then
    echo "Please choose a network interface."
    echo -e "i.e.: \tsudo $0 eth server\n\tsudo $0 wlan server"
    exit 1
fi

case "${lannameinput,,}" in
    eth)  lanname="eth" ;;
    wlan) lanname="wlan" ;;
    *)
        echo "Please choose a network interface."
        exit 1
        ;;
esac
echo "Network interface: $lanname"

### VPN server (second argument) -> server IP address ###
if [ -z "$vpnnameinput" ] ; then
    print_servers
    exit 1
fi

case "${vpnnameinput,,}" in
    aquarii)    ipAddr=92.42.186.167 ;;
    geminorum)  ipAddr=37.235.51.133 ;;
    omicron)    ipAddr=89.149.226.185 ;;
    tauri)      ipAddr=95.211.98.154 ;;
    bootis)     ipAddr=95.211.98.154 ;;
    cassiopeia) ipAddr=31.193.12.98 ;;
    herculis)   ipAddr=94.242.205.234 ;;
    castor)     ipAddr=95.211.169.3 ;;
    leonis)     ipAddr=85.17.123.26 ;;
    leporis)    ipAddr=95.211.191.33 ;;
    lyra)       ipAddr=62.212.85.65 ;;
    orionis)    ipAddr=95.211.98.154 ;;
    serpentis)  ipAddr=178.248.30.131 ;;
    arietis)    ipAddr=198.15.111.162 ;;
    librae)     ipAddr=108.59.11.194 ;;
    sirius)     ipAddr=108.59.8.147 ;;
    vega)       ipAddr=69.163.36.66 ;;
    *)
        echo "Please enter a valid server name"
        print_servers
        exit 1
        ;;
esac
echo "VPN Server: ${vpnnameinput,,}"

### flush old ip tables ###
#-------------------------#
echo "Now Flushing old iptable rules"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

### set new ip table rules, non-vpn drop packets ###
#--------------------------------------------------#
echo "Now Setting up tables for server: ${vpnnameinput,,}"
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT #allow loopback access
iptables -A OUTPUT -d 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 255.255.255.255 -j ACCEPT #make sure you can communicate with any DHCP server
iptables -A INPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT #make sure that you can communicate within your own network
iptables -A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
iptables -A FORWARD -i "$lanname+" -o tun+ -j ACCEPT
iptables -A FORWARD -i tun+ -o "$lanname+" -j ACCEPT # make sure that eth+ and tun+ can communicate
iptables -t nat -A POSTROUTING -o tun+ -j MASQUERADE # in the POSTROUTING chain of the NAT table, map the tun+ interface outgoing packet IP address, cease examining rules and let the header be modified, so that we don't have to worry about ports or any other issue - please check this rule with care if you have already a NAT table in your chain
iptables -A OUTPUT -o "$lanname+" ! -d "$ipAddr" -j DROP # if destination for outgoing packet on eth+ is NOT a.b.c.d, drop the packet, so that nothing leaks if VPN disconnects
####################################################
echo "Iptables now setup for server: ${vpnnameinput,,}"
echo "Done."
#end
exit 0

To flush your iptables and allow non-VPN packets to flow again, do the same as above, but name the file something different, such as 'tableflush.sh'. Put the code below in the tableflush.sh file:

#!/bin/sh
echo "Now Flushing old iptable rules"
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X

Open a terminal and type: chmod +x tableflush.sh

Then type in the terminal: sudo ./tableflush.sh

This will reset your iptables.

easiercode1.txt
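A small check for the rule set described above, added here as an example and not part of the original post: it verifies from `iptables -S OUTPUT` text that the non-VPN DROP rule for the chosen interface and server IP is actually loaded, which is the one rule that stops traffic leaking when the tunnel drops. The sample rule listings are constructed, and the check assumes iptables prints a single-host destination with a /32 suffix.

```shell
#!/bin/bash
# Verify that the kill-switch DROP rule from droppackets.sh is present.

# Constructed sample: what `iptables -S OUTPUT` prints after
# "droppackets.sh eth vega" has run (vega = 69.163.36.66 in the post).
SAMPLE_OK='-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -d 255.255.255.255/32 -j ACCEPT
-A OUTPUT -s 192.168.0.0/16 -d 192.168.0.0/16 -j ACCEPT
-A OUTPUT -o eth+ ! -d 69.163.36.66/32 -j DROP'

# Constructed sample: after tableflush.sh, policy ACCEPT and no rules,
# so any traffic on eth+ leaves unfiltered once the VPN is down.
SAMPLE_FLUSHED='-P OUTPUT ACCEPT'

# check_killswitch IFACE SERVER_IP RULES
# Returns 0 when RULES contains "-A OUTPUT -o IFACE+ ! -d SERVER_IP -j DROP",
# 1 otherwise. RULES is the text of `iptables -S OUTPUT`.
check_killswitch() {
    iface="$1"
    ip="$2"
    rules="$3"
    # Escape the dots in the IP so they match literally in the regex.
    ip_re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    # iptables -S shows single hosts as a.b.c.d/32; accept both spellings.
    printf '%s\n' "$rules" |
        grep -Eq -- "^-A OUTPUT -o ${iface}\+ ! -d ${ip_re}(/32)? -j DROP$"
}

# live_check IFACE SERVER_IP: same test against the running firewall (needs root).
live_check() {
    check_killswitch "$1" "$2" "$(iptables -S OUTPUT 2>/dev/null)"
}

# Stand-alone run: report on the constructed samples.
if check_killswitch eth 69.163.36.66 "$SAMPLE_OK"; then
    echo "sample after droppackets.sh: kill-switch rule present"
fi
if ! check_killswitch eth 69.163.36.66 "$SAMPLE_FLUSHED"; then
    echo "sample after tableflush.sh: no kill-switch rule, traffic can leak"
fi
```

Run `live_check eth 69.163.36.66` as root to test the real rule set instead of the samples.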
