Obscurix comes with a very restrictive firewall. It blocks all incoming and outgoing connections and only allows outgoing Tor, I2P or Freenet traffic. It is configured via iptables. This makes IP leaks impossible without a root exploit to disable the firewall or a compromise of Tor, I2P or Freenet.
NetworkManager.service is configured to require iptables to be running. This acts as a fail closed mechanism/kill switch. If the firewall is not active then networking shuts off.