chris / puppet-shorewall / Commits

Commit e31f901d, authored Nov 11, 2012 by intrigeri
Merge branch 'feature/torification-exception' into old-master

Parents: 6c29c55b, 6bc54f03

Changes: 8
Showing 8 changed files with 45 additions and 26 deletions (+45 -26)
README (+4 -1)
manifests/init.pp (+4 -0)
manifests/rules/torify.pp (+2 -0)
manifests/rules/torify/allow_tor_user.pp (+0 -15)
manifests/rules/torify/non_torified_user.pp (+25 -0)
manifests/rules/torify/non_torified_users.pp (+9 -0)
manifests/rules/torify/redirect_tcp_to_tor.pp (+1 -6)
manifests/rules/torify/user.pp (+0 -4)
README
@@ -88,8 +88,11 @@ When no destination is provided traffic directed to RFC1918 addresses
is by default allowed and (obviously) not torified. This behaviour can
be changed by setting the allow_rfc1918 parameter to false.
Torify any outgoing TCP traffic but connections to RFC1918 addresses:
Torify any outgoing TCP traffic but
- connections to RFC1918 addresses
- connections from users bob and alice:
$non_torified_users = [ 'bob', 'alice' ]
shorewall::rules::torify {
'torify-everything-but-lan':
}
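Review bot: the new bullet `connections from users bob and alice` understates what the example exempts: manifests/init.pp builds `$real_non_torified_users = uniq_flatten([ $tor_user, $non_torified_users ])`, so the Tor user is always on the list as well, and each listed user gets an `ACCEPT` rule to `all` (order 101) on top of the `NONAT` rule that skips the redirect. Say in the README that `$non_torified_users` is added to, not substituted for, the Tor user, and that exempt users are allowed out unconditionally rather than merely left un-redirected.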
manifests/init.pp
@@ -33,6 +33,10 @@ class shorewall(
default
=>
$dist_tor_user
,
}
}
case
$non_torified_users
{
''
:
{
$non_torified_users
=
[]
}
}
$real_non_torified_users
=
uniq_flatten
([
$tor_user
,
$non_torified_users
])
# See http://www.shorewall.net/3.0/Documentation.htm#Zones
shorewall::managed_file
{
zones
:
}
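Review bot: `$non_torified_users = []` inside the `case` reassigns the very variable being tested; if `$non_torified_users` is one of the parameters of `class shorewall(`, Puppet rejects the reassignment at compile time, and even where it is looked up from an outer scope the shadowing is easy to misread. Computing the result straight into the new variable avoids both, e.g. `$real_non_torified_users = $non_torified_users ? { '' => [ $tor_user ], default => uniq_flatten([ $tor_user, $non_torified_users ]) }`. Separately, `uniq_flatten` is not a built-in Puppet function, so the README should name the module or lib/ file that provides it.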
manifests/rules/torify.pp
@@ -18,6 +18,8 @@ define shorewall::rules::torify(
$allow_rfc1918
=
true
){
include
shorewall::rules::torify::non_torified_users
$originaldest
=
join
(
$destinations
,
','
)
shorewall::rules::torify::user
{
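Review bot: `include shorewall::rules::torify::non_torified_users` now runs for every `torify` instance, including ones restricted to specific `$destinations` (see `$originaldest = join($destinations, ',')` right below), whereas the whitelist it replaces was only pulled in from user.pp for the catch-all case. Because `non_torified_user` emits `ACCEPT` from `$FW` to `all` at order 101, a destination-limited torify now also grants its exempt users an unconditional pass to every destination. If that widening is intended, document it in the README; if not, keep the include conditional as before or restrict the `ACCEPT` rule's `destination` to `$originaldest`.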
manifests/rules/torify/allow_tor_user.pp
deleted
100644 → 0
class
shorewall::rules::torify::allow_tor_user
{
$whitelist_rule
=
"allow-from-tor-user"
if
!
defined
(
Shorewall
::
Rule
[
"
$whitelist_rule
"
])
{
shorewall::rule
{
"
$whitelist_rule
"
:
source
=>
'$FW'
,
destination
=>
'all'
,
user
=>
$shorewall::tor_user
,
order
=>
101
,
action
=>
'ACCEPT'
;
}
}
}
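Review bot: the `if ! defined(Shorewall::Rule["$whitelist_rule"])` guard disappears with this file. That is fine for the replacement, since `non_torified_user` is declared exactly once per user by the `non_torified_users` class, but any manifest outside this module that still does `include shorewall::rules::torify::allow_tor_user` will now fail to compile, and neither the merge message nor the README hunk mentions the removal. A one-line note in the README would save users a surprise.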
manifests/rules/torify/non_torified_user.pp
0 → 100644
define
shorewall::rules::torify::non_torified_user
()
{
$user
=
$name
$whitelist_rule
=
"allow-from-user=
${user}
"
shorewall::rule
{
"
$whitelist_rule
"
:
source
=>
'$FW'
,
destination
=>
'all'
,
user
=>
$user
,
order
=>
101
,
action
=>
'ACCEPT'
;
}
$nonat_rule
=
"dont-redirect-to-tor-user=
${user}
"
shorewall::rule
{
"
$nonat_rule
"
:
source
=>
'$FW'
,
destination
=>
'-'
,
user
=>
$user
,
order
=>
106
,
action
=>
'NONAT'
;
}
}
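Review bot: the correctness of this define rests on two ordering constraints that nothing in the file states: the `NONAT` rule at order 106 must sort before the `DNAT` at order 110 in redirect_tcp_to_tor.pp, or the exempt user's SYNs are redirected before the exemption is consulted, and the `ACCEPT` at order 101 must sort before any later REJECT/DROP rule for `$FW`. Add a header comment spelling out both, with the 110 cross-reference, so a future change to either order value is caught in review. Minor: `$user = $name` is only used for string building; `$name` could be used directly, or `$user` could become a parameter defaulting to `$name`.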
manifests/rules/torify/non_torified_users.pp
0 → 100644
class
shorewall::rules::torify::non_torified_users
{
$real_non_torified_users
=
$shorewall::real_non_torified_users
shorewall::rules::torify::non_torified_user
{
$real_non_torified_users
:
}
}
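Review bot: `$shorewall::real_non_torified_users` is a fully qualified lookup, so this class only compiles after `class shorewall` has been evaluated, yet it is included from the `shorewall::rules::torify` define rather than from `shorewall` itself. Either add `include shorewall` at the top or state the dependency in a comment; otherwise a catalog in which a torify rule is evaluated before the main class will fail here, or compile with no exemptions, depending on how the Puppet version in use treats undefined variables.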
manifests/rules/torify/redirect_tcp_to_tor.pp
@@ -14,11 +14,6 @@ define shorewall::rules::torify::redirect_tcp_to_tor(
default
=>
$originaldest
,
}
$user_real
=
$user
?
{
'-'
=>
"!
${shorewall::tor_user}
"
,
default
=>
$user
,
}
$destzone
=
$shorewall::tor_transparent_proxy_host
?
{
'127.0.0.1'
=>
'$FW'
,
default
=>
'net'
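Review bot: dropping the `$user_real` selector removes the `"! ${shorewall::tor_user}"` match from the DNAT rule, so the Tor user's own exemption now lives solely in the `NONAT` rule (order 106) created by `non_torified_user`. That holds only while `shorewall::rules::torify::non_torified_users` is included before this rule is evaluated; if the define is declared with `user => '-'` outside `shorewall::rules::torify`, Tor's outgoing connections match the DNAT at order 110 and are sent back into the transparent proxy. Include that class here as well, or note the requirement in the define's header comment.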
@@ -30,7 +25,7 @@ define shorewall::rules::torify::redirect_tcp_to_tor(
destination
=>
"
${destzone}
:
${shorewall::tor_transparent_proxy_host}
:
${shorewall::tor_transparent_proxy_port}
"
,
proto
=>
'tcp:syn'
,
originaldest
=>
$originaldest_real
,
user
=>
$user
_real
,
user
=>
$user
,
order
=>
110
,
action
=>
'DNAT'
;
}
manifests/rules/torify/user.pp
@@ -7,10 +7,6 @@ define shorewall::rules::torify::user(
include
shorewall::rules::torify::allow_tor_transparent_proxy
if
$originaldest
==
'-'
and
$user
==
'-'
{
include
shorewall::rules::torify::allow_tor_user
}
shorewall::rules::torify::redirect_tcp_to_tor
{
"redirect-to-tor-user=
${user}
-to=
${originaldest}
"
:
user
=>
$user
,
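Review bot: with the `if $originaldest == '-' and $user == '-'` block gone, this define still pulls in `allow_tor_transparent_proxy` but no longer pulls in the user exemptions, which now arrive from torify.pp. Both are prerequisites of the `redirect_tcp_to_tor` declared right below, so keeping them side by side here (`include shorewall::rules::torify::non_torified_users` next to the existing include) would keep the define self-sufficient and make the removal of the old conditional read as the refactor it is meant to be.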