-rw-r--r--README13
-rw-r--r--manifests/init.pp6
-rw-r--r--manifests/rules/torify/redirect_dns_to_tor.pp38
3 files changed, 1 insertions, 56 deletions
diff --git a/README b/README
index 07c50f2..cb4424f 100644
--- a/README
+++ b/README
@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS
requests- network activity that would otherwise be torified. In that
case you probably want to read proper documentation about such
matters, enable the Tor DNS resolver and redirect DNS requests through
-it,
-
-either globally:
-
- shorewall::rules::torify::redirect_dns_to_tor { '-': }
-
-or for specific users:
-
- shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: }
-
-The $tor_dns_host and $tor_dns_port variables must be set before
-these defines are setup.
+it.
Example
-------
diff --git a/manifests/init.pp b/manifests/init.pp
index a446253..dd28767 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -27,12 +27,6 @@ class shorewall(
case $tor_transparent_proxy_port {
'': { $tor_transparent_proxy_port = '9040' }
}
- case $tor_dns_host {
- '': { $tor_dns_host = '127.0.0.1' }
- }
- case $tor_dns_port {
- '': { $tor_dns_port = '8853' }
- }
if $tor_user == '' {
$tor_user = $dist_tor_user ? {
'' => 'tor',
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
deleted file mode 100644
index 9c71204..0000000
--- a/manifests/rules/torify/redirect_dns_to_tor.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define shorewall::rules::torify::redirect_dns_to_tor() {
-
- $user = $name
-
- $destzone = $shorewall::tor_dns_host ? {
- '127.0.0.1' => '$FW',
- default => 'net'
- }
-
- $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
- if !defined(Shorewall::Rule["$tcp_rule"]) {
- shorewall::rule {
- "$tcp_rule":
- source => '$FW',
- destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
- proto => 'tcp',
- destinationport => 'domain',
- user => $user,
- order => 108,
- action => 'DNAT';
- }
- }
-
- $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
- if !defined(Shorewall::Rule["$udp_rule"]) {
- shorewall::rule {
- "$udp_rule":
- source => '$FW',
- destination => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
- proto => 'udp',
- destinationport => 'domain',
- user => $user,
- order => 108,
- action => 'DNAT';
- }
- }
-
-}