aboutsummaryrefslogtreecommitdiff
path: root/manifests/rules/torify
diff options
context:
space:
mode:
authorintrigeri <intrigeri@boum.org>2012-01-07 15:23:47 +0100
committerintrigeri <intrigeri@boum.org>2012-11-11 23:11:17 +0100
commit0c28fa636653f395c756f56c93f8c78fddfcee00 (patch)
tree294bc78b7a707d6512a1b0a183f947af1a3c21df /manifests/rules/torify
parent911cc18e594bb5a3ab642ebb24615a0447050c32 (diff)
downloadpuppet-shorewall-0c28fa636653f395c756f56c93f8c78fddfcee00.tar.gz
puppet-shorewall-0c28fa636653f395c756f56c93f8c78fddfcee00.tar.bz2
Allow redirecting DNS requests to Tor for specific users or globally.
Diffstat (limited to 'manifests/rules/torify')
-rw-r--r--manifests/rules/torify/redirect_dns_to_tor.pp38
1 files changed, 38 insertions, 0 deletions
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
new file mode 100644
index 0000000..9c71204
--- /dev/null
+++ b/manifests/rules/torify/redirect_dns_to_tor.pp
@@ -0,0 +1,38 @@
+define shorewall::rules::torify::redirect_dns_to_tor() {
+
+ $user = $name
+
+ $destzone = $shorewall::tor_dns_host ? {
+ '127.0.0.1' => '$FW',
+ default => 'net'
+ }
+
+ $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$tcp_rule"]) {
+ shorewall::rule {
+ "$tcp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'tcp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+ $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$udp_rule"]) {
+ shorewall::rule {
+ "$udp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'udp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+}