diff options
author | intrigeri <intrigeri@boum.org> | 2012-01-07 06:09:54 +0100 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2012-06-20 10:47:15 -0400 |
commit | 6cb88973f53aa7d92414797dd21952c1c1d5da98 (patch) | |
tree | 6fa93a250d68067c079b2fb9c2feb29f81f61e37 /manifests/rules/torify/non_torified_user.pp | |
parent | b67bb6c1571506ae4b1d49feab06e73b75515f29 (diff) | |
download | puppet-shorewall-6cb88973f53aa7d92414797dd21952c1c1d5da98.tar.gz puppet-shorewall-6cb88973f53aa7d92414797dd21952c1c1d5da98.tar.bz2 |
Support exempting some users from torification measures.
Diffstat (limited to 'manifests/rules/torify/non_torified_user.pp')
-rw-r--r-- | manifests/rules/torify/non_torified_user.pp | 25 |
1 files changed, 25 insertions, 0 deletions
diff --git a/manifests/rules/torify/non_torified_user.pp b/manifests/rules/torify/non_torified_user.pp new file mode 100644 index 0000000..34e4db7 --- /dev/null +++ b/manifests/rules/torify/non_torified_user.pp @@ -0,0 +1,25 @@ +define shorewall::rules::torify::non_torified_user() { + + $user = $name + + $whitelist_rule = "allow-from-user=${user}" + shorewall::rule { + "$whitelist_rule": + source => '$FW', + destination => 'all', + user => $user, + order => 101, + action => 'ACCEPT'; + } + + $nonat_rule = "dont-redirect-to-tor-user=${user}" + shorewall::rule { + "$nonat_rule": + source => '$FW', + destination => '-', + user => $user, + order => 106, + action => 'NONAT'; + } + +} |