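#!/bin/bash
#
# Bootstrap driver for a local DNS/proxy stack.
#
# Steps, in order:
#   1. set the repo-local git identity,
#   2. create and enter ./build,
#   3. preload debconf answers from ../debconf.conf,
#   4. run the per-component scripts that sit next to this file,
#   5. install iptables rules that force DNS to the resolver on 127.0.0.1:53
#      and drop inbound TCP RST segments.
#
# Requires sudo. Only IPv4 (iptables) rules are installed here; nothing in
# this file adds ip6tables equivalents, so DNS and RSTs carried over IPv6 are
# not covered unless one of the component scripts handles them.

#######################################
# Insert an iptables rule at the top of a chain unless an identical rule is
# already present, so re-running this script does not stack duplicates.
# Arguments: $1 - table (nat, mangle, filter)
#            $2 - chain
#            $@ - rule specification (matches and target)
# Returns:   status of the iptables insert, or 0 if the rule already exists
#######################################
ensure_rule() {
  local table=$1 chain=$2
  shift 2
  # -C exits non-zero (and prints a diagnostic) when the rule is absent; that
  # is the expected case on a first run, so its stderr is discarded on purpose.
  if ! sudo iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
    sudo iptables -t "$table" -I "$chain" "$@"
  fi
}

git config user.email "zach@gibbens.dev"
git config user.name "Zachariah Gibbens"

# Everything below uses ../ relative paths, so a failed cd would run the
# component scripts (and feed debconf) from the wrong directory. Stop instead.
if ! mkdir -p build || ! cd build; then
  printf 'error: cannot create or enter ./build\n' >&2
  exit 1
fi

sudo debconf-set-selections < ../debconf.conf

# Component scripts are not visible from this file; presumably each one
# installs/configures the service it is named after. A failure is reported
# but does not stop the remaining steps (the original ignored failures too).
for step in system dnsmasq pdnsd dnss dnscrypt-proxy squid spoof-dpi; do
  "../${step}.sh" \
    || printf 'warning: ../%s.sh exited with status %d\n' "$step" "$?" >&2
done

## Rules to force local DNS traffic to DNSMasq
# NOTE(review): these match every locally generated packet to port 53/5353,
# including queries sent by the local resolvers themselves. If any of them
# forwards upstream on plain port 53 it would be looped back to 127.0.0.1:53 -
# confirm the upstreams use other ports or add an exemption for them.
# NOTE(review): udp/5353 is also the mDNS port, so multicast DNS from this
# host is redirected as well - confirm that is intended.
ensure_rule nat OUTPUT -p udp --dport 53 -j DNAT --to 127.0.0.1:53
ensure_rule nat OUTPUT -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
ensure_rule nat OUTPUT -p udp --dport 5353 -j DNAT --to 127.0.0.1:53
ensure_rule nat OUTPUT -p tcp --dport 5353 -j DNAT --to 127.0.0.1:53

## Rules to force network DNS traffic to DNSMasq
# NOTE(review): packets arriving on a non-loopback interface and DNAT'ed to
# 127.0.0.1 are normally discarded by the kernel as martians unless
# net.ipv4.conf.<iface>.route_localnet=1 is set. That sysctl is not set in
# this file - verify it is enabled elsewhere (e.g. system.sh), otherwise
# these rules silently black-hole client DNS instead of redirecting it.
ensure_rule nat PREROUTING -p udp --dport 53 -j DNAT --to 127.0.0.1:53
ensure_rule nat PREROUTING -p tcp --dport 53 -j DNAT --to 127.0.0.1:53
ensure_rule nat PREROUTING -p udp --dport 5353 -j DNAT --to 127.0.0.1:53
ensure_rule nat PREROUTING -p tcp --dport 5353 -j DNAT --to 127.0.0.1:53

## TTL Modification Hack
# Disabled. If enabled it would rewrite the TTL of every outgoing packet to 66.
#iptables -t mangle -I POSTROUTING 1 -j TTL --ttl-set 66

## Countermeasure for TCP Reset Attacks
# Drops every inbound TCP segment with RST set. This cannot tell an injected
# reset from a genuine one, so legitimate resets are discarded too: refused or
# aborted connections will hang until they time out instead of failing fast.
# The mangle/PREROUTING rule is hit before routing, so it also applies to
# traffic this host forwards, not only to traffic addressed to it.
ensure_rule filter INPUT -p tcp --tcp-flags RST RST -j DROP
ensure_rule mangle PREROUTING -p tcp --tcp-flags RST RST -j DROP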