TransparentTorProxy (TTP) is a Linux utility that leverages nftables to route all system network traffic through the Tor network. Version 0.3.5 has just been released.
What differentiates this approach from standard transparent proxies is its focus on state isolation. Instead of persistently modifying system firewall rules or writing configuration files to disk, the application core operates entirely within a tmpfs sandbox. DNS redirection is handled via a stateless kernel-level overlay (mount --bind), leaving the original /etc/resolv.conf physically untouched. If the system crashes, the routing state physically evaporates.
The v0.3.5 update shifts the focus to proactive integrity and automated leak prevention:
- Watchdog & Emergency Killswitch: A dedicated background daemon now continuously monitors the Tor socket, the
nftables chain, and the DNS overlay. If a session integrity failure occurs, it attempts an auto-heal. If it fails, it triggers a hard network lockout, dropping all traffic.
- Automated Topological Leak Testing: Replaced manual leak checks with an automated CI/CD suite. The pipeline uses isolated Docker containers to actively force WebRTC UDP bindings, raw IP connections, and DoT queries to mathematically prove the kernel drops or routes them correctly.
- DoH/DoT Mitigation: Blocks DoT traffic (TCP 853) at the firewall and actively maps canary domains to disable browser-level DoH, forcing queries back to the Tor-managed resolver.
- Selective Root Routing & LAN Bypass: Root processes are now routed through Tor by default. RFC 1918 subnets are automatically detected and exempted to maintain local network functionality.
The proxy is designed as a crash-safe network transport layer. It handles IP and DNS anonymization at the OS level, though users must still manage application-layer fingerprinting independently.
Repository: https://github.com/onyks-os/TransparentTorProxy