- Run the `update.sh` script, which creates the ipset set named "blocked".
- Create iptables rules to redirect traffic
/etc/iptables/iptables.rules:
# Transparent redirect of new TCP connections whose destination is in the ipset set "blocked".
# REDIRECT is only valid in the nat table, so these lines belong in the *nat section of the rules file.
# The set "blocked" must already exist when the rules are loaded: iptables rejects a
# --match-set rule that names a missing set.
# Only TCP is matched; other protocols to the same destinations are not touched by these rules.
#
# Traffic arriving on any interface except loopback: match the initial SYN only
# (--tcp-flags FIN,SYN,RST,ACK SYN is the same test as --syn) and send it to local port 9040.
# In PREROUTING, REDIRECT rewrites the destination to the incoming interface's primary address,
# so the listener on 9040 has to accept connections on that address, not only on loopback.
# NOTE(review): 9040 is presumably Tor's TransPort; confirm it matches the daemon's configuration.
-A PREROUTING ! -i lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m set --match-set blocked dst -j REDIRECT --to-ports 9040
# Packets from processes owned by user "tor" leave the chain here, before the redirect below.
# Presumably the daemon listening on 9040 runs as this user, so its own outbound connections
# are not looped back into itself. Keep this rule ahead of the OUTPUT redirect.
-A OUTPUT -m owner --uid-owner "tor" -j RETURN
# Locally generated traffic: same SYN and set match as the PREROUTING rule, redirected to port 9040.
-A OUTPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m set --match-set blocked dst -j REDIRECT --to-ports 9040