gitweb.fluxo.info Git - puppet-shorewall.git/commitdiff
Revert "Allow redirecting DNS requests to Tor for specific users or globally."
authorintrigeri <intrigeri@boum.org>
Wed, 2 Jan 2013 17:01:43 +0000 (18:01 +0100)
committerintrigeri <intrigeri@boum.org>
Wed, 2 Jan 2013 17:01:43 +0000 (18:01 +0100)
This reverts commit 0c28fa636653f395c756f56c93f8c78fddfcee00.

This stuff is not ready for the shared repo, but we want to benefit from my
having already merged immerda's stuff into my branch and resolved the conflicts.

README
manifests/init.pp
manifests/rules/torify/redirect_dns_to_tor.pp [deleted file]

diff --git a/README b/README
index 07c50f2a59cb02be7c8e5e8a9503a0bc570e2529..cb4424f964cd0fd650301c49ae28dd599fd78072 100644 (file)
--- a/README
+++ b/README
@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS
 requests- network activity that would otherwise be torified. In that
 case you probably want to read proper documentation about such
 matters, enable the Tor DNS resolver and redirect DNS requests through
-it,
-
-either globally:
-
-  shorewall::rules::torify::redirect_dns_to_tor { '-': }
-
-or for specific users:
-
-  shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: }
-
-The $tor_dns_host and $tor_dns_port variables must be set before
-these defines are setup.
+it.
 
 Example
 -------
index a446253dc1873cd1024803d37a35926f813a9d80..dd287678a3969bb7b0409b36b69c40b1b3b9f635 100644 (file)
@@ -27,12 +27,6 @@ class shorewall(
   case $tor_transparent_proxy_port {
     '': { $tor_transparent_proxy_port = '9040' }
   }
-  case $tor_dns_host {
-    '': { $tor_dns_host = '127.0.0.1' }
-  }
-  case $tor_dns_port {
-    '': { $tor_dns_port = '8853' }
-  }
   if $tor_user == '' {
     $tor_user = $dist_tor_user ? {
       ''      => 'tor',
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
deleted file mode 100644 (file)
index 9c71204..0000000
+++ /dev/null
@@ -1,38 +0,0 @@
-define shorewall::rules::torify::redirect_dns_to_tor() {
-
-  $user = $name
-
-  $destzone = $shorewall::tor_dns_host ? {
-    '127.0.0.1' => '$FW',
-    default     => 'net'
-  }
-
-  $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
-  if !defined(Shorewall::Rule["$tcp_rule"]) {
-    shorewall::rule {
-      "$tcp_rule":
-        source          => '$FW',
-        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
-        proto           => 'tcp',
-        destinationport => 'domain',
-        user            => $user,
-        order           => 108,
-        action          => 'DNAT';
-    }
-  }
-
-  $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
-  if !defined(Shorewall::Rule["$udp_rule"]) {
-    shorewall::rule {
-      "$udp_rule":
-        source          => '$FW',
-        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
-        proto           => 'udp',
-        destinationport => 'domain',
-        user            => $user,
-        order           => 108,
-        action          => 'DNAT';
-    }
-  }
-
-}