-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 623e6f1..e489a68 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -333,7 +333,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 }
 class firewall::vserver::tor($destination, $zone = 'fw') {
- shorewall::rule { 'tor-1':
+ shorewall::rule { 'tor-0':
 action => 'DNAT',
 source => 'net',
 destination => "$zone:$destination:9001",
@@ -343,7 +343,7 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
 order => '2100',
 }
- shorewall::rule { 'tor-2':
+ shorewall::rule { 'tor-1':
 action => 'DNAT',
 source => '$FW',
 destination => "$zone:$destination:9001",
@@ -352,5 +352,25 @@ class firewall::vserver::tor($destination, $zone = 'fw') {
 originaldest => "$ipaddress",
 ratelimit => '-',
 order => '2101',
+
+ shorewall::rule { 'tor-2':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:9030",
+ proto => 'tcp',
+ destinationport => '9030',
+ ratelimit => '-',
+ order => '2102',
+ }
+
+ shorewall::rule { 'tor-3':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "$zone:$destination:9030",
+ proto => 'tcp',
+ destinationport => '9030',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2103',
 }
 } |
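Review bot: In the last hunk (`@@ -352,5 +352,25 @@`) the resource renamed to `'tor-1'` is never closed: the new side goes from `order => '2101',` straight to a blank line and `shorewall::rule { 'tor-2':`, so the new text opens three rule blocks but only three `}` follow, including the one that should close the class. Add a `}` line right after `order => '2101',`, before the blank line that precedes `'tor-2'`. As written the manifest should fail to parse, which would presumably stop the catalog from compiling and leave every firewall rule in this file unapplied, not just the new 9030 ones. The class header and the start of the `'tor-1'` block are outside this hunk, and indentation is not visible here, so confirm against the full file.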