-rw-r--r-- | README | 13 | ||||
-rw-r--r-- | manifests/init.pp | 6 | ||||
-rw-r--r-- | manifests/rules/torify/redirect_dns_to_tor.pp | 38 |
3 files changed, 1 insertions, 56 deletions
@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS requests- network activity that would otherwise be torified. In that case you probably want to read proper documentation about such matters, enable the Tor DNS resolver and redirect DNS requests through -it, - -either globally: - - shorewall::rules::torify::redirect_dns_to_tor { '-': } - -or for specific users: - - shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: } - -The $tor_dns_host and $tor_dns_port variables must be set before -these defines are setup. +it. Example ------- diff --git a/manifests/init.pp b/manifests/init.pp index a446253..dd28767 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -27,12 +27,6 @@ class shorewall( case $tor_transparent_proxy_port { '': { $tor_transparent_proxy_port = '9040' } } - case $tor_dns_host { - '': { $tor_dns_host = '127.0.0.1' } - } - case $tor_dns_port { - '': { $tor_dns_port = '8853' } - } if $tor_user == '' { $tor_user = $dist_tor_user ? { '' => 'tor', diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp deleted file mode 100644 index 9c71204..0000000 --- a/manifests/rules/torify/redirect_dns_to_tor.pp +++ /dev/null 
@@ -1,38 +0,0 @@
-define shorewall::rules::torify::redirect_dns_to_tor() {
-
- $user = $name
-
- $destzone = $shorewall::tor_dns_host ? {
- '127.0.0.1' => '$FW',
- default => 'net'
- }
-
- $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
- if !defined(Shorewall::Rule["$tcp_rule"]) {
- shorewall::rule {
- "$tcp_rule":
- source => '$FW',
- destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
- proto => 'tcp',
- destinationport => 'domain',
- user => $user,
- order => 108,
- action => 'DNAT';
- }
- }
-
- $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
- if !defined(Shorewall::Rule["$udp_rule"]) {
- shorewall::rule {
- "$udp_rule":
- source => '$FW',
- destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
- proto => 'udp',
- destinationport => 'domain',
- user => $user,
- order => 108,
- action => 'DNAT';
- }
- }
-
-} |