-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 23 | ||||
-rw-r--r-- | manifests/vserver.pp | 17 |
2 files changed, 37 insertions, 3 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index e914fc6..623e6f1 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -331,3 +331,26 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 order => '2004',
 }
 }
+
+class firewall::vserver::tor($destination, $zone = 'fw') {
+ shorewall::rule { 'tor-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9001",
+ proto => 'tcp',
+ destinationport => '9001',
+ ratelimit => '-',
+ order => '2100',
+ }
+
+ shorewall::rule { 'tor-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9001",
+ proto => 'tcp',
+ destinationport => '9001',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2101',
+ }
+}
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 9474f00..99a8481 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -45,9 +45,9 @@ class nodo::vserver inherits nodo {
 # Define a vserver instance
 define instance($context, $ensure = 'running', $proxy = false, $puppetmaster = false, $gitd = false, $mail = false,
- $icecast = false, $sound = false, $ticket = false,
- $memory_limit = false, $distro = 'squeeze', $dns = false,
- $munin_port = false, $monkeysphere_ssh_port = false) {
+ $icecast = false, $sound = false, $tor = false,
+ $ticket = false, $memory_limit = false, $distro = 'squeeze',
+ $dns = false, $munin_port = false, $monkeysphere_ssh_port = false) {
 # set instance id
 if $context <= 9 {
@@ -66,6 +66,11 @@ class nodo::vserver inherits nodo {
 '': { $puppetmaster_nonssl_port = "8141" }
 }
+ # set tor port
+ case $tor_port {
+ '': { $tor_port = "9001" }
+ }
+
 vserver { $name:
 ensure => $ensure,
 context => "$context",
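Review bot: Port 9001 is hard-coded four times in the new `firewall::vserver::tor` class (the `destination` and `destinationport` of both `tor-1` and `tor-2`), although manifests/vserver.pp in this same commit introduces a `$tor_port` value. If the port is meant to be configurable, the forwarded port and the port the relay listens on can drift apart; a parameter would keep them together, e.g. `class firewall::vserver::tor($destination, $zone = 'fw', $port = '9001')` with `destination => "$zone:$destination:$port"` and `destinationport => $port`. The `$zone` default of `'fw'` also differs from the `'vm'` default of `firewall::vserver::dns` shown in the hunk header. Since `tor-1` opens the port to the whole `net` zone with `ratelimit => '-'`, a short comment such as `# ORPort is public by design; zone is 'fw' because ...` would let a later reviewer confirm the exposure is intended.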
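Review bot: `$tor_port` in the second hunk of manifests/vserver.pp (`case $tor_port { '': { $tor_port = "9001" } }`) is not a parameter of `instance`; the first hunk adds only `$tor` to the signature. The `case` therefore depends on whatever an enclosing scope happens to provide, as the neighbouring `$puppetmaster_nonssl_port` block appears to, and the value it sets is not consumed by any line visible in these hunks. If the port is meant to be configurable, declare it explicitly as `$tor_port = '9001'` in the define signature and hand it on to the firewall class; otherwise the block can be dropped. The body of `instance` continues outside both hunks, so a use further down cannot be ruled out from here.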
@@ -187,6 +192,12 @@ class nodo::vserver inherits nodo {
 "firewall::vserver::dns": destination => "192.168.0.$context";
 }
 }
+
+ if $tor {
+ class {
+ "firewall::vserver::tor": destination => "192.168.0.$context";
+ }
+ }
 }
 }
 } |
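Review bot: Declaring `firewall::vserver::tor` with the resource-like `class { ... }` form inside the `instance` define means a second instance with `tor => true` on the same node would fail with a duplicate class declaration. The rule titles `tor-1` and `tor-2` inside the class are fixed as well, so they would collide in the same way. The `firewall::vserver::dns` declaration just above has the same shape, so this may be an accepted one-per-host limit. If so, a comment above `if $tor {` such as `# only one instance per host may set tor => true (class with fixed rule titles)` would save the next operator a failed catalog run. The declaration also passes only `destination`, so the port chosen in the `# set tor port` block never reaches the firewall rules.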