Diffstat (limited to 'manifests/virtual/tor.pp')
-rw-r--r-- | manifests/virtual/tor.pp | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index 8424f3b..f4a1cb6 100644
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -1,4 +1,4 @@
-class firewall::virtual::tor($destination, $zone = 'fw') {
+class firewall::virtual::tor($destination, $zone = 'vm') {
 shorewall::rule { 'tor-0':
 action => 'DNAT',
 source => 'net',
@@ -12,7 +12,7 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-1':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9000",
+ destination => "fw:$destination:9000",
 proto => 'tcp',
 destinationport => '9000',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
@@ -33,11 +33,53 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-3':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9001",
+ destination => "fw:$destination:9001",
 proto => 'tcp',
 destinationport => '9001',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
 ratelimit => '-',
 order => 2103,
 }
+
+ shorewall::rule { 'tor-4':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ ratelimit => '-',
+ order => 2104,
+ }
+
+ shorewall::rule { 'tor-5':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2105,
+ }
+
+ shorewall::rule { 'tor-6':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ ratelimit => '-',
+ order => 2106,
+ }
+
+ shorewall::rule { 'tor-7':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2107,
+ }
 }
|
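Review bot: Changing the default of `$zone` from `'fw'` to `'vm'` in the class signature retargets the `net`-sourced DNAT rules for every node that declares this class without passing `zone`, and nothing in the manifest documents the new expectation. The `$FW`-sourced rules (tor-1 in the next hunk, tor-3, and the new tor-5 and tor-7 in the last hunk) now hard-code the literal `fw:` while their `source` still uses `$FW`, so they presumably depend on the firewall zone being named `fw` in the Shorewall zones file. A header comment would make both assumptions explicit, for example `# $zone: Shorewall zone that holds $destination (default 'vm'); rules sourced from $FW always target the zone literally named 'fw'`. The class body continues outside this hunk.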
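Review bot: The new `net`-sourced rules tor-4 and tor-6 carry no `originaldest`, unlike tor-5 and tor-7, so whether they match only traffic addressed to the firewall's external IP depends on Shorewall's `DETECT_DNAT_IPADDRS` setting; on a host that routes public addresses to guests, a DNAT rule without an original destination can also capture port 9100/9101 traffic meant for other machines. Adding `originaldest => hiera('firewall::external_ip', $::ipaddress),` to both would pin them to the intended address; tor-0 and tor-2 may have the same shape, but their full bodies are not visible in this diff. All four new blocks set `ratelimit => '-'`, the empty-column placeholder, which leaves the newly exposed ports unthrottled at the firewall. Nothing states what listens on 9100 and 9101, so a comment such as `# 9100/9101: <service> on $destination` above tor-4 would help the next reader. The class begins outside this hunk.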