From e06d326f0be9f69bf4fa3b695f898c1cb9c5b200 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Sat, 16 Jun 2018 13:20:27 -0300
Subject: Updates Tor relay rules

---
 manifests/router/tor.pp | 42 ++++++++++++++++++++++++++++++++++++++++++
 manifests/virtual/tor.pp | 48 +++++++++++++++++++++++++++++++++++++++++++++---
 2 files changed, 87 insertions(+), 3 deletions(-)

diff --git a/manifests/router/tor.pp b/manifests/router/tor.pp
index 710b4a0..cf5cc58 100644
--- a/manifests/router/tor.pp
+++ b/manifests/router/tor.pp
@@ -40,4 +40,46 @@ define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipadd
 ratelimit => '-',
 order => "29001",
 }
+
+ shorewall::rule { "tor-$name-5":
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => "9100",
+ ratelimit => '-',
+ order => "29100",
+ }
+
+ shorewall::rule { "tor-$name-6":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => "9100",
+ originaldest => "$originaldest",
+ ratelimit => '-',
+ order => "29100",
+ }
+
+ shorewall::rule { "tor-$name-7":
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => "9101",
+ ratelimit => '-',
+ order => "29101",
+ }
+
+ shorewall::rule { "tor-$name-8":
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => "9101",
+ originaldest => "$originaldest",
+ ratelimit => '-',
+ order => "29101",
+ }
 }
diff --git a/manifests/virtual/tor.pp b/manifests/virtual/tor.pp
index 8424f3b..f4a1cb6 100644
--- a/manifests/virtual/tor.pp
+++ b/manifests/virtual/tor.pp
@@ -1,4 +1,4 @@
-class firewall::virtual::tor($destination, $zone = 'fw') {
+class firewall::virtual::tor($destination, $zone = 'vm') {
 shorewall::rule { 'tor-0':
 action => 'DNAT',
 source => 'net',
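Review bot: Rules tor-$name-5 and tor-$name-6 both carry `order => "29100"` and tor-$name-7/tor-$name-8 both carry `order => "29101"`, so the relative position of the net-sourced and $FW-sourced DNAT rule for each port is not stated by the manifest; the sibling hunk in manifests/virtual/tor.pp gives each rule its own order (2104–2107), and `order => "29100"` through `"29103"` would match that scheme unless the earlier rules of this define — only rule 4's `"29001"` is visible — already pair orders deliberately. Nothing says what ports 9100 and 9101 are for, here or in manifests/virtual/tor.pp; a comment above tor-$name-5 such as `# 9100/9101: second relay instance (ORPort/DirPort) — confirm` would stop the next reader from guessing. The enclosing define firewall::router::tor starts outside the hunk.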
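Review bot: The default of `$zone` moves from 'fw' to 'vm', which retargets every DNAT rule that still uses `$zone` (tor-4 and tor-6 in the later hunk, presumably tor-0 and tor-2 as well) for any caller that relied on the old default, and neither the commit message nor the class records this. A comment above the class such as `# $zone: DNAT target zone for net-originated connections to $destination (default vm)` would document what the parameter means and make the new default explicit. The class body continues outside the hunk.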
@@ -12,7 +12,7 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-1':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9000",
+ destination => "fw:$destination:9000",
 proto => 'tcp',
 destinationport => '9000',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
@@ -33,11 +33,53 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
 shorewall::rule { 'tor-3':
 action => 'DNAT',
 source => '$FW',
- destination => "$zone:$destination:9001",
+ destination => "fw:$destination:9001",
 proto => 'tcp',
 destinationport => '9001',
 originaldest => hiera('firewall::external_ip', $::ipaddress),
 ratelimit => '-',
 order => 2103,
 }
+
+ shorewall::rule { 'tor-4':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ ratelimit => '-',
+ order => 2104,
+ }
+
+ shorewall::rule { 'tor-5':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9100",
+ proto => 'tcp',
+ destinationport => '9100',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2105,
+ }
+
+ shorewall::rule { 'tor-6':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ ratelimit => '-',
+ order => 2106,
+ }
+
+ shorewall::rule { 'tor-7':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:9101",
+ proto => 'tcp',
+ destinationport => '9101',
+ originaldest => hiera('firewall::external_ip', $::ipaddress),
+ ratelimit => '-',
+ order => 2107,
+ }
 }
-- 
cgit v1.2.3
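Review bot: tor-1's destination now hard-codes the `fw:` zone for connections that originate on the firewall, while the equivalent $FW-sourced rules in manifests/router/tor.pp (tor-$name-6, tor-$name-8) keep `"$zone:$destination:…"`, so the two manifests now disagree on which zone the DNAT target is in for the same case; tor-3, tor-5 and tor-7 in the next hunk do the same. If `fw:` is deliberate (it preserves what the old `$zone = 'fw'` default produced), a comment on tor-1 such as `# $FW-originated connections keep the fw target zone on purpose: <reason>` would keep the next reader from "correcting" it back to `$zone`; if not, `destination => "$zone:$destination:9000",` here and likewise in tor-3/5/7 aligns the two manifests. The class body continues outside the hunk.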