diff options
| author | intrigeri <intrigeri@boum.org> | 2013-01-02 18:02:31 +0100 |
|---|---|---|
| committer | intrigeri <intrigeri@boum.org> | 2013-01-02 18:02:31 +0100 |
| commit | 5e555243c8dd93f7e5cfadacc9c3843d5f9d421c (patch) | |
| tree | ae9523884d7447e57a9a1ac91f60a39da24c8e04 /manifests/rules/torify/redirect_tcp_to_tor.pp | |
| parent | 88fa544a9c2f974b35a169b4e3865ccaf4f68fd1 (diff) | |
Revert "Support exempting some users from torification measures."
This reverts commit 6bc54f031b9ae12fe428c83e70733c8b2ff4c67a.
This stuff is not ready for the shared repo, but we want to take benefit from me
having already merged immerda's stuff into my branch and solved the conflicts.
Diffstat (limited to 'manifests/rules/torify/redirect_tcp_to_tor.pp')
| -rw-r--r-- | manifests/rules/torify/redirect_tcp_to_tor.pp | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/manifests/rules/torify/redirect_tcp_to_tor.pp b/manifests/rules/torify/redirect_tcp_to_tor.pp index fe1c5fe..2bee658 100644 --- a/manifests/rules/torify/redirect_tcp_to_tor.pp +++ b/manifests/rules/torify/redirect_tcp_to_tor.pp @@ -14,6 +14,11 @@ define shorewall::rules::torify::redirect_tcp_to_tor( default => $originaldest, } + $user_real = $user ? { + '-' => "!${shorewall::tor_user}", + default => $user, + } + $destzone = $shorewall::tor_transparent_proxy_host ? { '127.0.0.1' => '$FW', default => 'net' @@ -25,7 +30,7 @@ define shorewall::rules::torify::redirect_tcp_to_tor( destination => "${destzone}:${shorewall::tor_transparent_proxy_host}:${shorewall::tor_transparent_proxy_port}", proto => 'tcp:syn', originaldest => $originaldest_real, - user => $user, + user => $user_real, order => 110, action => 'DNAT'; } |