author | intrigeri <intrigeri@boum.org> | 2012-01-07 15:23:47 +0100 |
committer | intrigeri <intrigeri@boum.org> | 2012-11-11 23:11:17 +0100 |
commit | 0c28fa636653f395c756f56c93f8c78fddfcee00 (patch) | |
tree | 294bc78b7a707d6512a1b0a183f947af1a3c21df /manifests/rules/torify | |
parent | 911cc18e594bb5a3ab642ebb24615a0447050c32 (diff) | |
Allow redirecting DNS requests to Tor for specific users or globally.
Diffstat (limited to 'manifests/rules/torify')
-rw-r--r-- | manifests/rules/torify/redirect_dns_to_tor.pp | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
new file mode 100644
index 0000000..9c71204
--- /dev/null
+++ b/manifests/rules/torify/redirect_dns_to_tor.pp
@@ -0,0 +1,38 @@
+define shorewall::rules::torify::redirect_dns_to_tor() {
+
+ $user = $name
+
+ $destzone = $shorewall::tor_dns_host ? {
+ '127.0.0.1' => '$FW',
+ default => 'net'
+ }
+
+ $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$tcp_rule"]) {
+ shorewall::rule {
+ "$tcp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'tcp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+ $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$udp_rule"]) {
+ shorewall::rule {
+ "$udp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'udp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+}
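Review bot: The `$destzone` selector at the top of the define treats only the literal string `'127.0.0.1'` as the firewall itself; any other value of `$shorewall::tor_dns_host` (a different loopback address, `::1`, or a Tor DNSPort on a host that lives in a `loc`-style zone) falls through to `net`, which presumably produces a DNAT rule with the wrong destination zone and so a DNS redirect that silently does not apply. Consider taking the zone from an explicit variable (e.g. a `$shorewall::tor_dns_zone` alongside the host and port) instead of inferring it, or at least state the assumption in a header comment such as `# Redirects this user's DNS (tcp/udp port 53) leaving $FW to the Tor DNSPort at $shorewall::tor_dns_host:$shorewall::tor_dns_port; assumes that host is 127.0.0.1 or reachable through the net zone. Only port 53 is redirected, so DNS sent to other ports is not covered.`. The `destination` string and the whole attribute list are duplicated verbatim for the tcp and udp rules, so future changes must be made in two places; the quoted bare variables in `Shorewall::Rule["$tcp_rule"]` and `Shorewall::Rule["$udp_rule"]` can also be written as `Shorewall::Rule[$tcp_rule]` since the quotes add nothing.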