# Declares the Shorewall DNAT rules that forward TCP ports 9000, 9001,
# 9100 and 9101 to a Tor guest.
#
# Each port gets two rules: one for traffic arriving from the 'net' zone
# and one for traffic originated by the firewall host itself ($FW) that
# is addressed to the host's external IP.
#
# Parameters:
#   $destination - address the forwarded ports are sent to. It is
#                  interpolated straight into the rule text, so callers
#                  should pass only a validated IP address.
#   $zone        - Shorewall zone used for the 'net'-sourced rules
#                  (default 'vm').
#
# NOTE(review): every rule sets ratelimit => '-'. '-' is Shorewall's
# empty-column placeholder, so presumably no rate limit applies to these
# internet-facing forwards -- confirm that this is intended.
# NOTE(review): the $FW-sourced rules hard-code the 'fw' zone in the
# destination instead of using $zone -- confirm that this is deliberate.
class firewall::virtual::tor($destination, $zone = 'vm') {

  # Original destination matched by the $FW-sourced rules. Falls back to
  # the ipaddress fact when the hiera key is unset; on a multi-homed host
  # that fact may not be the external address -- verify.
  $external_ip = hiera('firewall::external_ip', $::ipaddress)

  # --- port 9000 ---
  shorewall::rule { 'tor-0':
    action          => 'DNAT',
    source          => 'net',
    destination     => "${zone}:${destination}:9000",
    proto           => 'tcp',
    destinationport => '9000',
    ratelimit       => '-',
    order           => 2100,
  }

  shorewall::rule { 'tor-1':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "fw:${destination}:9000",
    proto           => 'tcp',
    destinationport => '9000',
    originaldest    => $external_ip,
    ratelimit       => '-',
    order           => 2101,
  }

  # --- port 9001 ---
  shorewall::rule { 'tor-2':
    action          => 'DNAT',
    source          => 'net',
    destination     => "${zone}:${destination}:9001",
    proto           => 'tcp',
    destinationport => '9001',
    ratelimit       => '-',
    order           => 2102,
  }

  shorewall::rule { 'tor-3':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "fw:${destination}:9001",
    proto           => 'tcp',
    destinationport => '9001',
    originaldest    => $external_ip,
    ratelimit       => '-',
    order           => 2103,
  }

  # --- port 9100 ---
  shorewall::rule { 'tor-4':
    action          => 'DNAT',
    source          => 'net',
    destination     => "${zone}:${destination}:9100",
    proto           => 'tcp',
    destinationport => '9100',
    ratelimit       => '-',
    order           => 2104,
  }

  shorewall::rule { 'tor-5':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "fw:${destination}:9100",
    proto           => 'tcp',
    destinationport => '9100',
    originaldest    => $external_ip,
    ratelimit       => '-',
    order           => 2105,
  }

  # --- port 9101 ---
  shorewall::rule { 'tor-6':
    action          => 'DNAT',
    source          => 'net',
    destination     => "${zone}:${destination}:9101",
    proto           => 'tcp',
    destinationport => '9101',
    ratelimit       => '-',
    order           => 2106,
  }

  shorewall::rule { 'tor-7':
    action          => 'DNAT',
    source          => '$FW',
    destination     => "fw:${destination}:9101",
    proto           => 'tcp',
    destinationport => '9101',
    originaldest    => $external_ip,
    ratelimit       => '-',
    order           => 2107,
  }
}