Commit 88fa544a authored by intrigeri

Revert "Allow redirecting DNS requests to Tor for specific users or globally."

This reverts commit 0c28fa63.

This stuff is not ready for the shared repo, but we want to take benefit from me
having already merged immerda's stuff into my branch and solved the conflicts.
parent c725e8bf
...@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS ...@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS
requests- network activity that would otherwise be torified. In that requests- network activity that would otherwise be torified. In that
case you probably want to read proper documentation about such case you probably want to read proper documentation about such
matters, enable the Tor DNS resolver and redirect DNS requests through matters, enable the Tor DNS resolver and redirect DNS requests through
it, it.
either globally:
shorewall::rules::torify::redirect_dns_to_tor { '-': }
or for specific users:
shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: }
The $tor_dns_host and $tor_dns_port variables must be set before
these defines are setup.
Example Example
------- -------
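Review bot: After this revert the README paragraph ends at "redirect DNS requests through it." with no indication of how, because both `shorewall::rules::torify::redirect_dns_to_tor` usages and the note about `$tor_dns_host` and `$tor_dns_port` are dropped. Since the preceding sentence says DNS requests are rejected on purpose, consider adding one sentence stating that the module currently ships no define for this redirection and that it has to be set up by hand, so readers do not go looking for one.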
......
...@@ -27,12 +27,6 @@ class shorewall( ...@@ -27,12 +27,6 @@ class shorewall(
case $tor_transparent_proxy_port { case $tor_transparent_proxy_port {
'': { $tor_transparent_proxy_port = '9040' } '': { $tor_transparent_proxy_port = '9040' }
} }
case $tor_dns_host {
'': { $tor_dns_host = '127.0.0.1' }
}
case $tor_dns_port {
'': { $tor_dns_port = '8853' }
}
if $tor_user == '' { if $tor_user == '' {
$tor_user = $dist_tor_user ? { $tor_user = $dist_tor_user ? {
'' => 'tor', '' => 'tor',
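Review bot: Dropping the `$tor_dns_host` and `$tor_dns_port` cases from `class shorewall` means anything that still reads `$shorewall::tor_dns_host` or `$shorewall::tor_dns_port` no longer gets the '127.0.0.1' and '8853' defaults. The only reader visible in this commit is the `redirect_dns_to_tor` define, which is removed as well, but it is worth checking manifests written against 0c28fa63 for leftover references before this lands in the shared repo.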
......
define shorewall::rules::torify::redirect_dns_to_tor() {
$user = $name
$destzone = $shorewall::tor_dns_host ? {
'127.0.0.1' => '$FW',
default => 'net'
}
$tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
if !defined(Shorewall::Rule["$tcp_rule"]) {
shorewall::rule {
"$tcp_rule":
source => '$FW',
destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
proto => 'tcp',
destinationport => 'domain',
user => $user,
order => 108,
action => 'DNAT';
}
}
$udp_rule = "redirect-udp-dns-to-tor-user=${user}"
if !defined(Shorewall::Rule["$udp_rule"]) {
shorewall::rule {
"$udp_rule":
source => '$FW',
destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
proto => 'udp',
destinationport => 'domain',
user => $user,
order => 108,
action => 'DNAT';
}
}
}
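Review bot: For when this define is resubmitted: the `$destzone` selector maps only the literal '127.0.0.1' to `$FW` and sends every other value of `$shorewall::tor_dns_host` to `net`, so a Tor resolver on any other local address would be treated as sitting in the net zone. Taking the zone as a parameter, or matching on more than that one string, would avoid this. The TCP and UDP rules are identical apart from `proto` and the rule name and could share one body, `"$tcp_rule"` and `"$udp_rule"` do not need the quotes, and a header comment explaining the '-' name for the global case and the choice of `order => 108` would help the next reader.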