updated added tor exit node being optional

2025-04-21 03:02:09 +00:00 · 2016-06-30 08:29:22 -04:00 · 2016-06-30 08:29:22 -04:00 · 0d69474688
commit 0d69474688
parent c478125269
4 changed files with 78 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -11,7 +11,9 @@ I have also added the capability to block all Chinese and/or Korean IP Addresses

 2.2 added Dshields top 20 blocks of IP addresses that are malicious, and blocks them daily. It has been merged into the /etc/cron.daily/blacklist created prior. The Dshield script was originally found at https://github.com/koconder/dshield_automatic_iptables

-2.3 is a big fix for some bugs I had, no longer requires editing interfaces file. Instead install iptables-persistent, replaces the /etc/init.d/iptables-persistent with another one on GitHub ( https://github.com/koconder/dshield_automatic_iptables ). This does the same for IPtables, but also will save and restore ipset lists as well. The new init.d file has added the ability to save iptables and ipsec configuration from the service command.
+2.3 is a big fix for some bugs I had, so longer requires editing interfaces file. Instead install iptables-persistent, replaces the /etc/init.d/iptables-persistent with another one on GitHub ( https://github.com/koconder/dshield_automatic_iptables ). This does the same for IPtables, but also will save and restore ipset lists as well. The new init.d file has added the ability to save iptables and ipsec configuration from the service command.
+
+2.4 Added the Tor exit node blocking being optional, and rearranged some code and files.

 Simply run this once, and that's it.
 sudo ./install.sh 
--- a/conf/geoblock.sh
+++ b/conf/geoblock.sh
@ -0,0 +1,48 @@
+#!/bin/bash
+
+HEIGHT=30
+WIDTH=80
+CHOICE_HEIGHT=4
+BACKTITLE="Do you want to block China and/or Korea?"
+TITLE="Country Block"
+MENU="A lot of spam, as well as malicious traffic originates from Korea and China. If you don't plan on having to ever have those countries connect to your server you may block them.
+	This will add a cron that will update weekly, and block all IP blocks to those countries you choose
+	Choose one of the following options:"
+
+OPTIONS=(1 "China"
+         2 "Korea"
+         3 "China and Korea"
+		 4 "Do nothing")
+
+CHOICE=$(dialog --clear \
+                --backtitle "$BACKTITLE" \
+                --title "$TITLE" \
+                --menu "$MENU" \
+                $HEIGHT $WIDTH $CHOICE_HEIGHT \
+                "${OPTIONS[@]}" \
+                2>&1 >/dev/tty)
+
+clear
+case $CHOICE in
+        1)
+            echo "Are you Donald Trump?"
+			cp conf/china /etc/cron.weekly/china
+			chmod +x /etc/cron.weekly/china
+			time /etc/cron.weekly/china
+            ;;
+        2)
+            echo "Starting the Korean war again"
+			cp conf/korea /etc/cron.weekly/korea
+			chmod +x /etc/cron.weekly/korea
+			time /etc/cron.weekly/korea
+			;;
+        3)
+            echo "Blocking almost 1/3 of the world"
+			cp conf/sinokorea /etc/cron.weekly/sinokorea
+			chmod +x /etc/cron.weekly/sinokorea
+			time /etc/cron.weekly/sinokorea
+            ;;
+			
+		4) echo "doing nothing"
+			;;
+esac
--- a/conf/tor.sh
+++ b/conf/tor.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+# tor.sh - Yes/No
+# created by Alon "ChiefGyk" Ganon
+# Alon@ganon.me
+# This will give the option of blocking Tor exit nodes
+dialog --title "Disable Tor Exit Nodes?" \
+--backtitle "" \
+--yesno "Would you like to block all Tor exit nodes? This will block all traffic coming from Tor which will impair people using it to \
+avoid censorship. However the majority of malicious traffic is sourced from Tor. If you change your mind later you can comment/uncomment line 14 \
+of /etc/cron.daily/blacklist where it specifies Tor Exit Nodes" 15 60
+
+# Get exit status
+# 0 means user hit [yes] button.
+# 1 means user hit [no] button.
+# 255 means user hit [Esc] key.
+response=$?
+case $response in
+   0) sed -e '13 s/^/#/' /etc/conf.daily/blacklist 
+   echo "Tor Exit Nodes Blocked";;
+   1) echo "Freedom";;
+   255) echo "[ESC] key pressed.";;
+esac
--- a/install.sh
+++ b/install.sh
@ -13,6 +13,9 @@ if [[ $EUID -ne 0 ]]; then
 	echo
 	exit
 fi
+cp conf/blacklist /etc/cron.daily/blacklist
+chmod a+x /etc/cron.daily/blacklist
+source conf/tor.sh
 echo iptables-persistent iptables-persistent/autosave_v4 boolean false | debconf-set-selections
 echo iptables-persistent iptables-persistent/autosave_v6 boolean false | debconf-set-selections
 apt-get update
@ -20,9 +23,7 @@ apt-get install -y ipset dialog iptables-persistent
 cp conf/iptables-persistent /etc/init.d/iptables-persistent
 ipset create blacklist hash:net
 iptables -I INPUT -m set --match-set blacklist src -j DROP
-cp conf/blacklist /etc/cron.daily/blacklist
-chmod a+x /etc/cron.daily/blacklist
 time /etc/cron.daily/blacklist
-source conf/dialog.sh 
+source conf/geoblock.sh 
 /etc/init.d/iptables-persistent save
 echo "Blacklist has been installed. It will run daily automatically."