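# /etc/iptables/iptables.rules
#
# Transparent redirection of DNS and TCP to local ports 5353 and 9040, with a
# default-deny filter table so that only the "tor" user may send traffic off
# the host (apart from the 192.168.0.0/16 exception).
# Lines prefixed with --ipv4 / --ipv6 are skipped by the restore tool of the
# other address family, so the same file can be loaded by both.
# NOTE(review): 5353 and 9040 are presumably Tor's DNSPort and TransPort;
# confirm against torrc, since a mismatch leaves redirected traffic with no
# listener.

*nat
:PREROUTING ACCEPT [6:2126]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [17:6239]
:POSTROUTING ACCEPT [6:408]

# Traffic arriving on any non-loopback interface: DNS queries go to local port
# 5353, new TCP connections (SYN only) go to local port 9040.
-A PREROUTING ! -i lo -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040

# Locally generated traffic. The RETURN rules must stay ahead of the REDIRECT
# rules: loopback, the LAN range and the tor user's own sockets are exempt from
# redirection.
-A OUTPUT -o lo -j RETURN
# Only 192.168.0.0/16 is exempt; hosts in other private ranges are redirected
# like any other destination.
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j RETURN
-A OUTPUT -m owner --uid-owner "tor" -j RETURN
-A OUTPUT -p udp -m udp --dport 53 -j REDIRECT --to-ports 5353
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j REDIRECT --to-ports 9040
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]

# Inbound: loopback, ICMP and replies to existing connections are accepted;
# everything else is rejected explicitly before the DROP policy is reached.
-A INPUT -i lo -j ACCEPT
# NOTE(review): all ICMP types are accepted, and the echo replies leave through
# the RELATED,ESTABLISHED rule below rather than through the tor user, so the
# host presumably answers ping directly. Confirm this is intended.
# NOTE(review): under ip6tables "-p icmp" presumably matches ICMPv4 rather than
# ICMPv6, so this rule would have no effect for IPv6. Verify.
-A INPUT -p icmp -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
--ipv4 -A INPUT -p tcp -j REJECT --reject-with tcp-reset
--ipv4 -A INPUT -p udp -j REJECT --reject-with icmp-port-unreachable
--ipv4 -A INPUT -j REJECT --reject-with icmp-proto-unreachable
--ipv6 -A INPUT -j REJECT

# Outbound: loopback destinations (which includes traffic redirected by the nat
# table), the LAN range, replies on existing connections and the tor user are
# accepted. Anything else, including non-DNS UDP from other users, is rejected.
--ipv4 -A OUTPUT -d 127.0.0.0/8 -j ACCEPT
--ipv4 -A OUTPUT -d 192.168.0.0/16 -j ACCEPT
# IPv6 loopback is the single address ::1. The previous ::1/8 is masked to
# ::/8, which also accepts direct traffic to every other address in that block.
--ipv6 -A OUTPUT -d ::1/128 -j ACCEPT
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A OUTPUT -m owner --uid-owner "tor" -j ACCEPT
--ipv4 -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
--ipv6 -A OUTPUT -j REJECT
COMMIT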