TeachMeBitcoin

bitcoin.conf settings for total Tor isolation

From TeachMeBitcoin, the free encyclopedia Reading time: 3 min

Network Fortification: Tor, I2P, and Firewall Hardening

A Bitcoin node is a beacon in the digital world. By default, it broadcasts your IP address to every other node it connects to. In a world of increasing surveillance and sophisticated cyber-attacks, "Network Fortification" is no longer optional. This chapter explores how to hide your node's physical location using Tor and I2P, and how to harden your Linux firewall against Denial-of-Service (DoS) attempts.

The Privacy Shield: Tor (The Onion Router)

Tor is the industry standard for node privacy. When running over Tor, your node does not connect directly to other IPs. Instead, it builds a "Circuit" through three volunteer servers, encrypting the data at every layer.

# bitcoin.conf settings for total Tor isolation
proxy=127.0.0.1:9050
listenonion=1
onlynet=onion # This tells bitcoind to ONLY connect to other Tor nodes.

The New Frontier: I2P (Invisible Internet Project)

While Tor is great, it has "Exit Nodes" that can be centralized. I2P is a fully decentralized, "Garlic-Routed" network designed for internal communication. Bitcoin Core 22.0 introduced native I2P support.

Firewall Hardening with iptables and ufw

Your node is connected to the internet 24/7. It will be "Scanned" by hackers thousands of times per day. You must use a firewall to close every door except the one Bitcoin needs.

# Hardening a Bitcoin server with UFW (Uncomplicated Firewall)
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 22/tcp # For SSH access
sudo ufw allow 8333/tcp # For Bitcoin P2P
sudo ufw enable

Mitigating the "Eclipse Attack"

An Eclipse Attack is a sophisticated network attack where a hacker controls all 8 of your node's outgoing connections. They can then feed you a "Fake" blockchain where you have received money that doesn't exist.

By fortifying your network, you transform your node from a vulnerable target into a "Digital Ghost"—invisible to adversaries but fully functional and secure within the global network.


☕ Help support TeachMeBitcoin

TeachMeBitcoin is an ad-free, open-source educational repository curated by a passionate team of Bitcoin researchers and educators for public benefit. If you found our articles helpful, please consider supporting our hosting and ongoing content updates with a clean donation:

Ethereum: 0x578417C51783663D8A6A811B3544E1f779D39A85
Bitcoin: bc1q77k9e95rn669kpzyjr8ke9w95zhk7pa5s63qzz
Solana: 4ycT2ayqeMucixj3wS8Ay8Tq9NRDYRPKYbj3UGESyQ4J
Address copied to clipboard!