author | Silvio Rhatto <rhatto@riseup.net> | 2018-06-16 13:20:27 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2018-06-16 13:20:27 -0300 |
commit | e06d326f0be9f69bf4fa3b695f898c1cb9c5b200 (patch) | |
tree | afd54c4e28d3c5f4d0ad2afb2ba34b14110c634b | |
parent | 89686e0a56cc60c0079e9a5e4d0fe2fb9c01060d (diff) | |
Updates Tor relay rules
-rw-r--r-- | manifests/router/tor.pp | 42 | ||||
-rw-r--r-- | manifests/virtual/tor.pp | 48 |
2 files changed, 87 insertions, 3 deletions
diff --git a/manifests/router/tor.pp b/manifests/router/tor.pp
index 710b4a0..cf5cc58 100644
--- a/manifests/router/tor.pp
+++ b/manifests/router/tor.pp
@@ -40,4 +40,46 @@ define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipadd
 ratelimit => '-',
 order => "29001",
 }
+
+ shorewall::rule { "tor-$name-5":
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => "9100",
+ ratelimit => '-',
+ order => "29100",
+ }
+
+ shorewall::rule { "tor-$name-6":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => "9100",
+ originaldest => "$originaldest",
+ ratelimit => '-',
+ order => "29100",
+ }
+
+ shorewall::rule { "tor-$name-7":
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => "9101",
+ ratelimit => '-',
+ order => "29101",
+ }
+
+ shorewall::rule { "tor-$name-8":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => "9101",
+ originaldest => "$originaldest",
+ ratelimit => '-',
+ order => "29101",
+ }
 }
diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index 8424f3b..f4a1cb6 100644
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -1,4 +1,4 @@
-class firewall::virtual::tor($destination, $zone = 'fw') {
+class firewall::virtual::tor($destination, $zone = 'vm') {
 shorewall::rule { 'tor-0':
 action => 'DNAT',
 source => 'net',
@@ -12,7 +12,7 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-1':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9000",
+ destination => "fw:$destination:9000",
 proto => 'tcp',
 destinationport => '9000',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
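Review bot: The net-sourced DNAT rules `tor-$name-5` and `tor-$name-7` set no `originaldest`, so they forward 9100/9101 no matter which address on the router the connection arrived at, while the `'$FW'`-sourced `tor-$name-6` and `tor-$name-8` do pass `$originaldest`; on a router with more than one public address this exposes the forwarded listener on all of them. The define already takes `$originaldest`, so adding `originaldest => "$originaldest",` to the two net rules would pin them to the intended address, assuming the earlier net rules in this define (outside the hunk) are not deliberately matching every address. `tor-4` and `tor-6` in manifests/virtual/tor.pp have the same shape. Nothing in either file says what listens on 9100 and 9101, and the commit message only says "relay rules"; a one-line comment above `tor-$name-5` naming the service would spare the next reader from guessing. The enclosing define starts outside the hunk.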
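Review bot: `tor-1` now DNATs traffic sourced from `'$FW'` to `fw:$destination:9000` regardless of the class's `$zone` parameter, so after this commit `$zone` governs only the net-sourced rules, and nothing records that split; `tor-3`, `tor-5` and `tor-7` in the following hunk hard-code `fw` the same way. A comment at `tor-1`, e.g. `# Rules sourced from $FW always target the fw zone; $zone applies only to traffic arriving from net`, would state the intent, or, if the zone for firewall-originated traffic may need to vary per host, a second parameter with default `'fw'` would keep it configurable instead of literal. The class body continues outside the hunk.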
@@ -33,11 +33,53 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-3':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9001",
+ destination => "fw:$destination:9001",
 proto => 'tcp',
 destinationport => '9001',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
 ratelimit => '-',
 order => 2103,
 }
+
+ shorewall::rule { 'tor-4':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ ratelimit => '-',
+ order => 2104,
+ }
+
+ shorewall::rule { 'tor-5':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2105,
+ }
+
+ shorewall::rule { 'tor-6':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ ratelimit => '-',
+ order => 2106,
+ }
+
+ shorewall::rule { 'tor-7':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2107,
+ }
 }
|
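Review bot: `hiera('firewall::external_ip', $::ipaddress)` is now repeated inline in four `'$FW'`-sourced rules (`tor-1`, `tor-3`, `tor-5`, `tor-7`), so a change to the key or the fallback has to be made in four places. Hoisting it once to a class-scope variable, `$external_ip = hiera('firewall::external_ip', $::ipaddress)`, and writing `originaldest => $external_ip,` in each rule keeps them in step; the assignment would sit at the top of the class, which is outside this hunk. The new rules are also copies of `tor-2`/`tor-3` differing only in port and order, so a comment above `tor-4` naming what listens on 9100/9101 is the one thing a reader cannot reconstruct from the code.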