From 9321d901c5a5c251b16df7b793affda4141b512f Mon Sep 17 00:00:00 2001
From: drebs <drebs@riseup.net>
Date: Sat, 7 Jan 2012 22:04:34 -0200
Subject: adding tor port support

---
 manifests/subsystems/firewall/vserver.pp | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

(limited to 'manifests/subsystems')

diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index e914fc6..623e6f1 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -331,3 +331,26 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
     order           => '2004',
   }
 }
+
+class firewall::vserver::tor($destination, $zone = 'fw') {
+  shorewall::rule { 'tor-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => '9001',
+    ratelimit       => '-',
+    order           => '2100',
+  }
+
+  shorewall::rule { 'tor-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => '9001',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '2101',
+  }
+}
-- 
cgit v1.2.3