author | intrigeri <intrigeri@boum.org> | 2012-01-07 06:09:54 +0100 |
---|---|---|
committer | intrigeri <intrigeri@boum.org> | 2012-11-11 23:11:49 +0100 |
commit | 6bc54f031b9ae12fe428c83e70733c8b2ff4c67a (patch) | |
tree | 6fa93a250d68067c079b2fb9c2feb29f81f61e37 /manifests/rules/torify/non_torified_user.pp | |
parent | 911cc18e594bb5a3ab642ebb24615a0447050c32 (diff) | |
Support exempting some users from torification measures.
Diffstat (limited to 'manifests/rules/torify/non_torified_user.pp')
-rw-r--r-- | manifests/rules/torify/non_torified_user.pp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/manifests/rules/torify/non_torified_user.pp b/manifests/rules/torify/non_torified_user.pp
new file mode 100644
index 0000000..34e4db7
--- /dev/null
+++ b/manifests/rules/torify/non_torified_user.pp
@@ -0,0 +1,25 @@
+define shorewall::rules::torify::non_torified_user() {
+
+ $user = $name
+
+ $whitelist_rule = "allow-from-user=${user}"
+ shorewall::rule {
+ "$whitelist_rule":
+ source => '$FW',
+ destination => 'all',
+ user => $user,
+ order => 101,
+ action => 'ACCEPT';
+ }
+
+ $nonat_rule = "dont-redirect-to-tor-user=${user}"
+ shorewall::rule {
+ "$nonat_rule":
+ source => '$FW',
+ destination => '-',
+ user => $user,
+ order => 106,
+ action => 'NONAT';
+ }
+
+} |
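Review bot: The new define has no header comment even though it opens a complete bypass: the `allow-from-user` rule ACCEPTs traffic from `$FW` to `all` with no protocol or port limit, and the `NONAT` rule exempts the same user from redirection, so any process running under that account leaves un-torified. I would add a comment above the `define` such as `# Exempts user $name from torification: all of its outbound traffic bypasses Tor.`, plus a line noting that the `order` values 101 and 106 presumably have to sort ahead of the torify rules declared elsewhere in the module, which is not visible in this hunk. `$name` is also passed unchecked into both rule titles and the `user` column, so an empty title or one containing whitespace would produce a malformed rules line; a guard that fails the catalog on such a title would be worth adding. As a style point, `"$whitelist_rule":` and `"$nonat_rule":` can be written without the surrounding quotes.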