From 6cb88973f53aa7d92414797dd21952c1c1d5da98 Mon Sep 17 00:00:00 2001
From: intrigeri
Date: Sat, 7 Jan 2012 06:09:54 +0100
Subject: Support exempting some users from torification measures.
---
manifests/rules/torify/non_torified_user.pp | 25 +++++++++++++++++++++++++
1 file changed, 25 insertions(+)
create mode 100644 manifests/rules/torify/non_torified_user.pp
(limited to 'manifests/rules/torify/non_torified_user.pp')
diff --git a/manifests/rules/torify/non_torified_user.pp b/manifests/rules/torify/non_torified_user.pp
new file mode 100644
index 0000000..34e4db7
--- /dev/null
+++ b/manifests/rules/torify/non_torified_user.pp
@@ -0,0 +1,25 @@
+define shorewall::rules::torify::non_torified_user() {
+
+ $user = $name
+
+ $whitelist_rule = "allow-from-user=${user}"
+ shorewall::rule {
+ "$whitelist_rule":
+ source => '$FW',
+ destination => 'all',
+ user => $user,
+ order => 101,
+ action => 'ACCEPT';
+ }
+
+ $nonat_rule = "dont-redirect-to-tor-user=${user}"
+ shorewall::rule {
+ "$nonat_rule":
+ source => '$FW',
+ destination => '-',
+ user => $user,
+ order => 106,
+ action => 'NONAT';
+ }
+
+}
-- cgit v1.2.3
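Review bot: The new define has no header comment, and its effect is security-relevant: for the user named by the resource title it adds an `ACCEPT` from `$FW` to `all` with no protocol or port restriction, plus a `NONAT`, so every process running as that account reaches the network directly instead of through Tor. I would add a comment above `define shorewall::rules::torify::non_torified_user()` such as `# Exempts local user $name from torification: all of its outgoing traffic, to any zone, bypasses Tor.` and a second one saying why `order => 101` and `order => 106` were chosen, since the exemption presumably only takes effect if these sort ahead of the redirect and reject rules in the other torify manifests, which this patch does not show. Separately, `$name` is passed unchecked into the `user` column, which in shorewall also accepts negation and group forms (`!user`, `:group`) as far as I know, so a title that is not a plain account name would exempt something other than one user; a check on the title at the top of the define would keep its behaviour in line with its name.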