-rw-r--r--manifests/subsystems/firewall/vserver.pp23
-rw-r--r--manifests/vserver.pp17
2 files changed, 37 insertions, 3 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index e914fc6..623e6f1 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -331,3 +331,26 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
order => '2004',
}
}
+
+class firewall::vserver::tor($destination, $zone = 'fw') {
+ shorewall::rule { 'tor-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9001",
+ proto => 'tcp',
+ destinationport => '9001',
+ ratelimit => '-',
+ order => '2100',
+ }
+
+ shorewall::rule { 'tor-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9001",
+ proto => 'tcp',
+ destinationport => '9001',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2101',
+ }
+}
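Review bot: Port 9001 is written as a literal four times across `tor-1` and `tor-2`, and the class takes only `$destination` and `$zone`, so the `$tor_port` value computed in manifests/vserver.pp cannot reach these rules. I would add a parameter, `class firewall::vserver::tor($destination, $zone = 'fw', $port = '9001') {`, and use `destination => "$zone:$destination:$port"` and `destinationport => $port` in both rules. `tor-1` also forwards from the entire `net` zone with `ratelimit => '-'`; if that is deliberate for a public relay port, a one-line comment such as `# ORPort is intentionally reachable from net without rate limiting` would record the decision. The `$zone` default of `'fw'` differs from the `'vm'` default on `firewall::vserver::dns` in the hunk header, which deserves a short comment if intended.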
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 9474f00..99a8481 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -45,9 +45,9 @@ class nodo::vserver inherits nodo {
# Define a vserver instance
define instance($context, $ensure = 'running', $proxy = false,
$puppetmaster = false, $gitd = false, $mail = false,
- $icecast = false, $sound = false, $ticket = false,
- $memory_limit = false, $distro = 'squeeze', $dns = false,
- $munin_port = false, $monkeysphere_ssh_port = false) {
+ $icecast = false, $sound = false, $tor = false,
+ $ticket = false, $memory_limit = false, $distro = 'squeeze',
+ $dns = false, $munin_port = false, $monkeysphere_ssh_port = false) {
# set instance id
if $context <= 9 {
@@ -66,6 +66,11 @@ class nodo::vserver inherits nodo {
'': { $puppetmaster_nonssl_port = "8141" }
}
+ # set tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
vserver { $name:
ensure => $ensure,
context => "$context",
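Review bot: `$tor_port` is not among the parameters of `instance` in the updated signature in the previous hunk, so this `case` tests a variable that must come from an enclosing scope, and nothing in the visible hunks reads the result. If the port is meant to be configurable per instance, declare it in the signature as `$tor_port = '9001'`, drop the `case`, and pass it on where the firewall class is declared. Otherwise the block is dead configuration that suggests a port mapping the firewall rules do not honour. The body of the define continues outside this hunk, so a use of `$tor_port` further down may exist.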
@@ -187,6 +192,12 @@ class nodo::vserver inherits nodo {
"firewall::vserver::dns": destination => "192.168.0.$context";
}
}
+
+ if $tor {
+ class {
+ "firewall::vserver::tor": destination => "192.168.0.$context";
+ }
+ }
}
}
}
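Review bot: The resource-style declaration `class { "firewall::vserver::tor": ... }` sits inside the `instance` define, and a class can only be declared once per catalog. A second instance on the same node with `tor => true` would therefore fail to compile, and the rule titles `tor-1` and `tor-2` would collide as well. The `dns` block just above in the context lines follows the same pattern, so this may be an accepted limit of one such instance per host. If so, a comment like `# only one instance per node may set tor => true (class declared once)` would make it explicit. Otherwise, turning the firewall piece into a define with titles derived from `$name` would remove the limit. The declaration also passes only `destination`, so the DNAT target zone and port always take the class defaults.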