Is this an attempt to achieve this?:
By this you mean that it’s not reachable from the outside, or that the Tor bridge itself cannot initiate outgoing connections? If it’s the former, then there are two ways:
- just ensure that your firewall blocks incoming connections to the bridge’s port (
ORPort,ServerTransportListenAddr), and set up a reverse proxy on an open port. - Set up listen address of the bridge to be
localhost(I think the params areORPortandServerTransportListenAddr, although you probably won’t need obfuscation anyway in this case, and set up a reverse proxy on an open port.
Related: man tor: ORPort: NoListen and NoAdvertise flags, and BridgeDistribution none.
Is this what you’re asking?