adding tor port support

author: drebs <drebs@riseup.net> 2012-01-07 22:04:34 -0200
committer: drebs <drebs@riseup.net> 2012-01-07 22:04:34 -0200
commit: 9321d901c5a5c251b16df7b793affda4141b512f (patch)
tree: d2bf4783597b9530b7333fa93a7c691c4516127a /manifests/subsystems
parent: 1dee3ec7ea2f149ac78215f81333d8d01c658d22 (diff)
download: puppet-nodo-9321d901c5a5c251b16df7b793affda4141b512f.tar.gz
puppet-nodo-9321d901c5a5c251b16df7b793affda4141b512f.tar.bz2
1 files changed, 23 insertions, 0 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index e914fc6..623e6f1 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -331,3 +331,26 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
     order           => '2004',
   }
 }
+
+class firewall::vserver::tor($destination, $zone = 'fw') {
+  shorewall::rule { 'tor-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => '9001',
+    ratelimit       => '-',
+    order           => '2100',
+  }
+
+  shorewall::rule { 'tor-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => '9001',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '2101',
+  }
+}
author	drebs <drebs@riseup.net>	2012-01-07 22:04:34 -0200
committer	drebs <drebs@riseup.net>	2012-01-07 22:04:34 -0200
commit	9321d901c5a5c251b16df7b793affda4141b512f (patch)
tree	d2bf4783597b9530b7333fa93a7c691c4516127a /manifests/subsystems
parent	1dee3ec7ea2f149ac78215f81333d8d01c658d22 (diff)
download	puppet-nodo-9321d901c5a5c251b16df7b793affda4141b512f.tar.gz puppet-nodo-9321d901c5a5c251b16df7b793affda4141b512f.tar.bz2