#!/bin/sh
#
# secure_tor.sh
# 2011-08-29
#
# Uses iptables to drop every outgoing IPv4 packet, except traffic to
# 127.0.0.1 and packets sent by the TOR user
# http://www.torproject.org/

# Numeric UID of the local "tor" account, as reported by id(1). The owner-match
# rules in start() and stop() key on this value. It stays empty when id cannot
# resolve the account.
UID_TOR="$(id -u tor)"

# Print the one-line synopsis of the supported sub-commands to stdout.
print_usage () {
  printf 'Usage: %s {start|stop|restart}\n' "$0"
}

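# Enable the lock-down: default-deny on the OUTPUT chain, then allow traffic
# to 127.0.0.1 and packets sent by the tor user.
#
# Globals:  UID_TOR (read) - numeric UID of the tor account
# Returns:  0 when all three iptables calls succeed, 1 otherwise
#
# NOTE: only the IPv4 tables are touched (iptables). IPv6 egress is governed
# by ip6tables and is not restricted by this function.
start () {
  # Refuse to touch the firewall when the tor UID is missing or malformed.
  # Otherwise the policy would flip to DROP and the owner rule would then
  # fail, leaving the host with no outbound path at all (Tor included).
  case "$UID_TOR" in
    ''|*[!0-9]*)
      echo "$0: cannot resolve the UID of user 'tor'; firewall left unchanged" >&2
      return 1
      ;;
  esac

  # The policy is set before the ACCEPT rules so a failure part-way through
  # leaves the chain closed rather than open.
  iptables -P OUTPUT DROP || return 1
  iptables -A OUTPUT -d 127.0.0.1 -j ACCEPT || return 1
  iptables -A OUTPUT -m owner --uid-owner "$UID_TOR" -j ACCEPT || return 1
}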

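# Lift the lock-down: set the OUTPUT policy to ACCEPT and delete the two
# ACCEPT rules that start() appends.
#
# Globals:  UID_TOR (read) - numeric UID of the tor account
# Returns:  0 when every step succeeds, 1 when any step fails or is skipped
#
# NOTE: the policy is set to ACCEPT unconditionally. Whatever OUTPUT policy
# was in force before start() ran is not restored.
stop () {
  stop_status=0

  iptables -P OUTPUT ACCEPT || stop_status=1
  iptables -D OUTPUT -d 127.0.0.1 -j ACCEPT || stop_status=1

  # Without a usable UID the owner rule cannot be named, so skip the call
  # instead of handing iptables a malformed argument list, and report it.
  case "$UID_TOR" in
    ''|*[!0-9]*)
      echo "$0: cannot resolve the UID of user 'tor'; owner rule not removed" >&2
      stop_status=1
      ;;
    *)
      iptables -D OUTPUT -m owner --uid-owner "$UID_TOR" -j ACCEPT || stop_status=1
      ;;
  esac

  return "$stop_status"
}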

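# Dispatch on the first command-line argument.
case "$1" in
'start')
  start
  ;;
'stop')
  stop
  ;;
'restart')
  # Refresh the rules without going through stop(). stop() switches the
  # OUTPUT policy to ACCEPT, so a stop / sleep 1 / start sequence lets
  # non-Tor traffic leave the host for about a second on every restart.
  # Here the old ACCEPT rules are deleted while the policy is left as it is,
  # then start() sets the DROP policy and appends the rules again.
  iptables -D OUTPUT -d 127.0.0.1 -j ACCEPT
  iptables -D OUTPUT -m owner --uid-owner "$UID_TOR" -j ACCEPT
  start
  ;;
*)
  # Missing or unknown sub-command: usage goes to stderr and the script exits
  # non-zero so callers can tell that nothing was applied.
  print_usage >&2
  exit 2
  ;;
esac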