1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
define shorewall::rules::torify::redirect_tcp_to_tor(
$user = '-',
$originaldest = '-'
){
# hash the destination as it may contain slashes
$originaldest_sha1 = sha1($originaldest)
$rule = "redirect-to-tor-user=${user}-to=${originaldest_sha1}"
if !defined(Shorewall::Rule["$rule"]) {
$originaldest_real = $originaldest ? {
'-' => '!127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16',
default => $originaldest,
}
$user_real = $user ? {
'-' => "!${shorewall::tor_user}",
default => $user,
}
$destzone = $shorewall::tor_transparent_proxy_host ? {
'127.0.0.1' => '$FW',
default => 'net'
}
shorewall::rule {
"$rule":
source => '$FW',
destination => "${destzone}:${shorewall::tor_transparent_proxy_host}:${shorewall::tor_transparent_proxy_port}",
proto => 'tcp:syn',
originaldest => $originaldest_real,
user => $user_real,
order => 110,
action => 'DNAT';
}
}
}
|