aboutsummaryrefslogtreecommitdiff
path: root/manifests/rules
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/rules')
-rw-r--r--manifests/rules/torify/redirect_dns_to_tor.pp38
1 files changed, 38 insertions, 0 deletions
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
new file mode 100644
index 0000000..9c71204
--- /dev/null
+++ b/manifests/rules/torify/redirect_dns_to_tor.pp
@@ -0,0 +1,38 @@
+define shorewall::rules::torify::redirect_dns_to_tor() {
+
+ $user = $name
+
+ $destzone = $shorewall::tor_dns_host ? {
+ '127.0.0.1' => '$FW',
+ default => 'net'
+ }
+
+ $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$tcp_rule"]) {
+ shorewall::rule {
+ "$tcp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'tcp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+ $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
+ if !defined(Shorewall::Rule["$udp_rule"]) {
+ shorewall::rule {
+ "$udp_rule":
+ source => '$FW',
+ destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+ proto => 'udp',
+ destinationport => 'domain',
+ user => $user,
+ order => 108,
+ action => 'DNAT';
+ }
+ }
+
+}