authorintrigeri <intrigeri@boum.org>2012-01-07 06:09:54 +0100
committerMicah Anderson <micah@riseup.net>2012-06-20 10:47:15 -0400
commit6cb88973f53aa7d92414797dd21952c1c1d5da98 (patch)
tree6fa93a250d68067c079b2fb9c2feb29f81f61e37 /manifests/rules/torify/non_torified_user.pp
parentb67bb6c1571506ae4b1d49feab06e73b75515f29 (diff)
Support exempting some users from torification measures.
Diffstat (limited to 'manifests/rules/torify/non_torified_user.pp')
-rw-r--r--manifests/rules/torify/non_torified_user.pp25
1 files changed, 25 insertions, 0 deletions
diff --git a/manifests/rules/torify/non_torified_user.pp b/manifests/rules/torify/non_torified_user.pp
new file mode 100644
index 0000000..34e4db7
--- /dev/null
+++ b/manifests/rules/torify/non_torified_user.pp
@@ -0,0 +1,25 @@
+define shorewall::rules::torify::non_torified_user() {
+
+ $user = $name
+
+ $whitelist_rule = "allow-from-user=${user}"
+ shorewall::rule {
+ "$whitelist_rule":
+ source => '$FW',
+ destination => 'all',
+ user => $user,
+ order => 101,
+ action => 'ACCEPT';
+ }
+
+ $nonat_rule = "dont-redirect-to-tor-user=${user}"
+ shorewall::rule {
+ "$nonat_rule":
+ source => '$FW',
+ destination => '-',
+ user => $user,
+ order => 106,
+ action => 'NONAT';
+ }
+
+}
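Review bot: `$name` goes straight into the `user` column of both rules with no check, and Shorewall's USER/GROUP column gives characters such as `!` and `:` their own meaning (negation, group separator), so an unexpected resource title could widen the exemption well beyond one account. A guard at the top of the define, e.g. `if $name !~ /^[a-z_][a-z0-9_-]*$/ { fail("invalid user name: ${name}") }`, would keep the ACCEPT and NONAT rules bound to a single plain user name. It would also help to add a header comment saying that all of this user's traffic (destination `all`) leaves the host untorified, and that orders 101 and 106 are presumably chosen to sort ahead of the redirect and reject rules defined elsewhere in the torify manifests, which are not visible in this hunk.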