Spent today routing ALL my system traffic through Tor on Rocky Linux 9. Not just the browser — everything.
Turns out it's not as simple as "install Tor and redirect ports". Here's what I ran into:
⚠️ SELinux blocks Tor from binding new ports — had to build a custom policy module
⚠️ Avahi squats on port 5353 — moved Tor DNS to 5399
⚠️ IPv6 leaks your real IP even with iptables rules — because iptables only handles IPv4
⚠️ DNS to 127.0.0.1 gets skipped by the loopback exclusion — rule ordering matters
⚠️ NetworkManager keeps overwriting resolv.conf — had to chattr +i it
The result: transparent proxy + kill switch + IPv6 blocked + boot persistence. If Tor dies, traffic gets dropped — no clearnet leaks.
Full guide with every fix, alias, and recovery script:
https://github.com/shadowbipnode/sovereign-linux-tools
#privacy #tor #linux #opsec #sovereignty
Shadowbip / shadowbip
npub1ya…htp3e
2026-04-22 12:34:09 UTC
Author Public Key
npub1yag9ggwzdrekxput74qq66p88wv8r68r2f3lm3znycqqyh408ufs7htp3ePublished at
2026-04-22 12:34:09 UTCEvent JSON
{
"id": "b9777fc1316453edddc7492f3e246bf004a5376ae4af372d64dbd4742b3d0dc1",
"pubkey": "27505421c268f363078bf5400d68273b9871e8e35263fdc4532600025eaf3f13",
"created_at": 1776861249,
"kind": 1,
"tags": [
[
"t",
"privacy"
],
[
"t",
"tor"
],
[
"t",
"linux"
],
[
"t",
"opsec"
],
[
"t",
"sovereignty"
],
[
"r",
"wss://nos.lol/"
],
[
"r",
"wss://nostr.mom/"
],
[
"r",
"wss://atlas.nostr.land/",
"write"
],
[
"r",
"wss://relay.primal.net/"
],
[
"r",
"wss://relay.nostr.info/",
"write"
],
[
"r",
"wss://relay.damus.io/"
],
[
"r",
"wss://bitcoiner.social/",
"write"
],
[
"r",
"wss://relay.shadowbip.com/"
],
[
"client",
"Primal Web"
]
],
"content": " Spent today routing ALL my system traffic through Tor on Rocky Linux 9. Not just the browser — everything.\n\nTurns out it's not as simple as \"install Tor and redirect ports\". Here's what I ran into:\n\n⚠️ SELinux blocks Tor from binding new ports — had to build a custom policy module\n⚠️ Avahi squats on port 5353 — moved Tor DNS to 5399\n⚠️ IPv6 leaks your real IP even with iptables rules — because iptables only handles IPv4\n⚠️ DNS to 127.0.0.1 gets skipped by the loopback exclusion — rule ordering matters\n⚠️ NetworkManager keeps overwriting resolv.conf — had to chattr +i it\n\nThe result: transparent proxy + kill switch + IPv6 blocked + boot persistence. If Tor dies, traffic gets dropped — no clearnet leaks.\n\nFull guide with every fix, alias, and recovery script:\nhttps://github.com/shadowbipnode/sovereign-linux-tools\n\n#privacy #tor #linux #opsec #sovereignty",
"sig": "e022c6c98150bfed061b2ce719463e04eb6163dc6e7405b15b1db728817202de067c142c6f5e2b12be01d8e8a7a684b74e9349e7def91ec75fde0ee40771d827"
}