RunAsDaemon 0
DataDirectory /var/lib/tor

# We don't expose a SOCKS port; everything is transparently redirected.
SocksPort 0

# Transparent TCP proxy and DNS for iptables REDIRECT
TransPort 0.0.0.0:9040
DNSPort 0.0.0.0:5353

# Virtual addressing so DNS answers get mapped by Tor
VirtualAddrNetworkIPv4 10.192.0.0/10
AutomapHostsOnResolve 1

# Reliability/safety
ClientOnly 1
AvoidDiskWrites 1

# (Optional) You can pin/avoid exits with these:
# ExitNodes {us},{nl}
# StrictNodes 1