
Long answer that more properly answers your question and use case:

Once Tor is installed (I'll leave that to you; I recommend using the official Tor repos for Debian), add the following to your torrc:

```
AutomapHostsOnResolve 1
```

If you're using selinux (I'm not familiar with Kali, but I doubt you are), make sure Tor is allowed to bind to 9040:

```
semanage port -a -t tor_port_t -p tcp 9040
```

Create a file to contain your iptables rules. Now edit the IPv4 file and add something like the following (make sure to grep for TODO items and follow the instructions):

```
# Use the nat table to redirect some traffic to Tor
*nat
# Don't allow Tor traffic to get stuck in a redirect loop.
# TODO: Is `tor' your actual Tor user? It might be `debian-tor' or `toranon' or something else.
-A OUTPUT -m owner --uid-owner tor -j RETURN
# TODO: Set this to your Tor DNSPort if it's not 53530.
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53530
# Do not redirect private networks or loopback.
# Redirect HS connections to the TransPort.
-A OUTPUT -d 127.192.0.0/10 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
# Redirect all TCP traffic to Tor's TransPort.
-A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT

# Only accept anonymized network traffic in the filter table.
*filter
# Allow connections that are already established.
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable
-A INPUT -p tcp -m conntrack --ctstate NEW -j REJECT --reject-with tcp-reset
-A INPUT -j REJECT --reject-with icmp-port-unreachable
# Accept network traffic for the Tor service itself.
-A OUTPUT -m owner --uid-owner tor -j ACCEPT
# Accept DNS requests to the Tor DNSPort.
COMMIT
```
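As an added example that is not part of the original answer: the two TODO items above (the Tor user name and the DNSPort) are exactly the things that silently break a transparent proxy, so the script below cross-checks an iptables-restore rules file against torrc before it is loaded. It parses TransPort and DNSPort out of torrc, compares them with the `--to-ports` targets of the nat REDIRECT rules, and confirms that the `--uid-owner <user> -j RETURN` rule exists in the nat OUTPUT chain and precedes the first REDIRECT (otherwise Tor's own connections loop back into its TransPort). The file names, the sample torrc (with TransPort 9040 and DNSPort 53530 to match the ports in the answer) and the sample rules files are constructed here for illustration.

```shell
#!/bin/sh
# Added example, not from the original answer: check a transparent-proxy
# iptables rules file (iptables-restore format) against torrc.

# Port configured for OPTION in torrc (first match; strips any "addr:" prefix).
torrc_port() {            # torrc_port TORRC OPTION
  awk -v opt="$2" '$1 == opt { v = $2; sub(/^.*:/, "", v); print v; exit }' "$1"
}

# --to-ports of the first nat OUTPUT REDIRECT rule whose text matches PATTERN.
redirect_port() {         # redirect_port RULES PATTERN
  awk -v pat="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /^-A OUTPUT / && /-j REDIRECT/ && $0 ~ pat {
      for (i = 1; i <= NF; i++) if ($i == "--to-ports") { print $(i + 1); exit }
    }' "$1"
}

# Line number of "--uid-owner USER -j RETURN" in nat OUTPUT (empty if absent).
owner_return_line() {     # owner_return_line RULES USER
  awk -v u="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "nat" && /^-A OUTPUT / && /-j RETURN/ {
      for (i = 1; i <= NF; i++) if ($i == "--uid-owner" && $(i + 1) == u) { print NR; exit }
    }' "$1"
}

# Line number of the first REDIRECT rule in nat OUTPUT (empty if none).
first_redirect_line() {   # first_redirect_line RULES
  awk '/^\*/ { table = substr($0, 2) }
       table == "nat" && /^-A OUTPUT / && /-j REDIRECT/ { print NR; exit }' "$1"
}

# check_tor_rules RULES TORRC TOR_USER: returns 0 if consistent, else prints findings and returns 1.
check_tor_rules() {
  rules="$1" torrc="$2" user="$3" rc=0
  trans=$(torrc_port "$torrc" TransPort)
  dns=$(torrc_port "$torrc" DNSPort)
  tcp=$(redirect_port "$rules" '-p tcp')
  udp=$(redirect_port "$rules" '-p udp')
  [ -n "$trans" ] && [ "$tcp" = "$trans" ] ||
    { echo "TCP redirect to-port '$tcp' does not match TransPort '$trans'"; rc=1; }
  [ -n "$dns" ] && [ "$udp" = "$dns" ] ||
    { echo "DNS redirect to-port '$udp' does not match DNSPort '$dns'"; rc=1; }
  ret=$(owner_return_line "$rules" "$user")
  red=$(first_redirect_line "$rules")
  if [ -z "$ret" ]; then
    echo "no '--uid-owner $user -j RETURN' in nat OUTPUT: Tor's own traffic would loop into TransPort"; rc=1
  elif [ -n "$red" ] && [ "$ret" -gt "$red" ]; then
    echo "owner RETURN (line $ret) is after the first REDIRECT (line $red): redirect loop"; rc=1
  fi
  return $rc
}

# Constructed sample inputs, written to a temp dir so the script runs stand-alone.
WORK=$(mktemp -d)
cat > "$WORK/torrc" <<'EOF'
AutomapHostsOnResolve 1
TransPort 9040
DNSPort 53530
EOF
cat > "$WORK/rules.v4" <<'EOF'
*nat
-A OUTPUT -m owner --uid-owner tor -j RETURN
-A OUTPUT ! -o lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 53530
-A OUTPUT -d 127.192.0.0/10 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
-A OUTPUT ! -o lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT
*filter
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner tor -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
# Broken variant 1: owner RETURN missing and DNS redirect pointing at the wrong port.
grep -v -- '-j RETURN' "$WORK/rules.v4" | sed 's/53530/5353/' > "$WORK/bad.v4"
# Broken variant 2: owner RETURN present but moved below the REDIRECT rules.
awk '/-j RETURN/ { held = $0; next } /^COMMIT/ && held { print held; held = "" } { print }' \
  "$WORK/rules.v4" > "$WORK/loop.v4"

for f in rules.v4 bad.v4 loop.v4; do
  echo "== $f"
  if check_tor_rules "$WORK/$f" "$WORK/torrc" tor; then echo "$f: OK"; fi
done
```

Run it as `sh check_tor_rules.sh`; on a real box, point `check_tor_rules` at the rules file you are about to load and at `/etc/tor/torrc`, and pass the actual Tor user (`id -u tor` or `id -u debian-tor` will tell you which one exists). The check deliberately reads the owner match by user name, so a rules file written for `tor` on a system whose daemon runs as `debian-tor` is reported as a redirect loop rather than accepted.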
