Allow redirecting DNS requests to Tor for specific users or globally.
authorintrigeri <intrigeri@boum.org>
Sat, 7 Jan 2012 14:23:47 +0000 (15:23 +0100)
committerintrigeri <intrigeri@boum.org>
Sun, 11 Nov 2012 22:11:17 +0000 (23:11 +0100)
README
manifests/init.pp
manifests/rules/torify/redirect_dns_to_tor.pp [new file with mode: 0644]

diff --git a/README b/README
index 648eaf7744a02955683d635f54c459c540e6679a..816ed48370fdcf600ee64390d53077d2d7be2905 100644 (file)
--- a/README
+++ b/README
@@ -107,7 +107,18 @@ rejected. This is intentional: it does not make sense leaking -via DNS
 requests- network activity that would otherwise be torified. In that
 case you probably want to read proper documentation about such
 matters, enable the Tor DNS resolver and redirect DNS requests through
-it.
+it,
+
+either globally:
+
+  shorewall::rules::torify::redirect_dns_to_tor { '-': }
+
+or for specific users:
+
+  shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: }
+
+The $tor_dns_host and $tor_dns_port variables must be set before
+these defines are setup.
 
 Example
 -------
index f69a6f26c12f2478c489bdb5ea4c5fce2fdf6cc4..5c9b602f6be88877f4f09e80fddf48242cde8b84 100644 (file)
@@ -28,6 +28,12 @@ class shorewall {
   case $tor_transparent_proxy_port {
     '': { $tor_transparent_proxy_port = '9040' }
   }
+  case $tor_dns_host {
+    '': { $tor_dns_host = '127.0.0.1' }
+  }
+  case $tor_dns_port {
+    '': { $tor_dns_port = '8853' }
+  }
   if $tor_user == '' {
     $tor_user = $dist_tor_user ? {
       ''      => 'tor',
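Review bot: The new `$tor_dns_port` default '8853' is given without a comment, and unlike the other defaults in this class it does not match anything Tor listens on out of the box: Tor's DNSPort is disabled unless configured, so a mismatch here silently breaks the DNAT target rather than failing loudly. A one-line comment above L43 would save the next reader a trip to the Tor docs: `# Must match the DNSPort configured in torrc; Tor does not enable DNSPort by default.` The same applies to `$tor_dns_host`, whose '127.0.0.1' default is later used as the sole signal for choosing the '$FW' zone in the new define. Stylistically, the two added `case ... { '': { ... } }` blocks sit next to `if $tor_user == ''` at L46, which does the same job a third way; picking one form for all the defaults in this run would make the block easier to scan. The enclosing class body continues outside the hunk.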
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
new file mode 100644 (file)
index 0000000..9c71204
--- /dev/null
@@ -0,0 +1,38 @@
+define shorewall::rules::torify::redirect_dns_to_tor() {
+
+  $user = $name
+
+  $destzone = $shorewall::tor_dns_host ? {
+    '127.0.0.1' => '$FW',
+    default     => 'net'
+  }
+
+  $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
+  if !defined(Shorewall::Rule["$tcp_rule"]) {
+    shorewall::rule {
+      "$tcp_rule":
+        source          => '$FW',
+        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+        proto           => 'tcp',
+        destinationport => 'domain',
+        user            => $user,
+        order           => 108,
+        action          => 'DNAT';
+    }
+  }
+
+  $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
+  if !defined(Shorewall::Rule["$udp_rule"]) {
+    shorewall::rule {
+      "$udp_rule":
+        source          => '$FW',
+        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
+        proto           => 'udp',
+        destinationport => 'domain',
+        user            => $user,
+        order           => 108,
+        action          => 'DNAT';
+    }
+  }
+
+}
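Review bot: The new define has no header comment, and its contract is not obvious from the code: `$name` is passed straight through as the USER column (so the '-' documented in the README means "all users"), both `$shorewall::tor_dns_host` and `$shorewall::tor_dns_port` must already be set when it is evaluated, and `order => 108` is unexplained. A header such as `# Redirect outbound DNS (tcp/udp port 53) from $FW to Tor's DNSPort; $name is the Shorewall USER match ('-' for every user). Requires $shorewall::tor_dns_host/$shorewall::tor_dns_port to be set first; order 108 keeps these ahead of the generic torify rules.` would cover it (the last clause is inferred and should be confirmed against the other torify rules). The `$destzone` selector at L58–L61 also deserves a note: any host other than exactly '127.0.0.1' is placed in the 'net' zone, so a Tor DNS resolver on another loopback address or on a host in a local zone would get a rule with the wrong destination zone; if that is intentional, say so, otherwise consider exposing the zone as a parameter. Both resources only match `destinationport => 'domain'`, so a resolver configured to use a non-standard port is not redirected and would still leak; worth stating in the README text. Finally, `Shorewall::Rule["$tcp_rule"]` and `"$tcp_rule":` (and the udp pair) quote a lone variable, which puppet-lint flags; `Shorewall::Rule[$tcp_rule]` and `$tcp_rule:` are equivalent.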