Updates Tor relay rules
authorSilvio Rhatto <rhatto@riseup.net>
Sat, 16 Jun 2018 16:20:27 +0000 (13:20 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sat, 16 Jun 2018 16:20:27 +0000 (13:20 -0300)
manifests/router/tor.pp
manifests/virtual/tor.pp

index 710b4a0e8d219f46b0ae161676bf9db7c7ca8516..cf5cc58165d449f02f9de7da1580ba606af5900b 100644 (file)
@@ -40,4 +40,46 @@ define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipadd
     ratelimit       => '-',
     order           => "29001",
   }
+
+  shorewall::rule { "tor-$name-5":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9100",
+    proto           => 'tcp',
+    destinationport => "9100",
+    ratelimit       => '-',
+    order           => "29100",
+  }
+
+  shorewall::rule { "tor-$name-6":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9100",
+    proto           => 'tcp',
+    destinationport => "9100",
+    originaldest    => "$originaldest",
+    ratelimit       => '-',
+    order           => "29100",
+  }
+
+  shorewall::rule { "tor-$name-7":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9101",
+    proto           => 'tcp',
+    destinationport => "9101",
+    ratelimit       => '-',
+    order           => "29101",
+  }
+
+  shorewall::rule { "tor-$name-8":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9101",
+    proto           => 'tcp',
+    destinationport => "9101",
+    originaldest    => "$originaldest",
+    ratelimit       => '-',
+    order           => "29101",
+  }
 }
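Review bot: Each net/`$FW` pair added here shares a single `order` value (29100 for tor-$name-5 and -6, 29101 for -7 and -8), whereas the rule whose tail is at the top of the hunk has its own (29001) and the virtual class in this same commit numbers every rule separately; with concat-style ordering the tie is broken by resource title, so it works, but the intended sequence is left implicit. I would give each rule a distinct order, e.g. `order => "29101"` for tor-$name-6 and `"29102"`/`"29103"` for -7/-8, or state the numbering scheme in a comment above the first new rule. The net-sourced rules (tor-$name-5 and -7) carry no `originaldest`, so they DNAT 9100/9101 traffic arriving for any address the router holds on the net zone, while only the `$FW`-sourced rules are pinned to `$originaldest`; if the router has more than one public address that deserves either an explicit `originaldest` or a comment saying it is intended. A short header comment naming what 9100/9101 serve (presumably a second Tor instance mirroring the 9000/9001 pair) would help the next reader. The define's body starts before this hunk.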
index 8424f3b7457f1c58c2c0992f8c2a4723ef1629f2..f4a1cb6098b1aad60a161b4ce1b3057d75f6883b 100644 (file)
@@ -1,4 +1,4 @@
-class firewall::virtual::tor($destination, $zone = 'fw') {
+class firewall::virtual::tor($destination, $zone = 'vm') {
   shorewall::rule { 'tor-0':
     action          => 'DNAT',
     source          => 'net',
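Review bot: Changing the default `$zone` from `fw` to `vm` silently alters the DEST zone of the net-sourced DNAT rules for every node that declares this class without passing `$zone`, and such nodes now need a `vm` zone defined in Shorewall or `shorewall check` will presumably reject the generated rules. I would add a class comment stating the assumption, e.g. `# Tor relay living in the 'vm' zone; hosts without a vm zone must pass $zone explicitly`, and consider whether callers relying on the old `fw` default exist before dropping it. The tor-0 rule continues past the end of this hunk.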
@@ -12,7 +12,7 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
   shorewall::rule { 'tor-1':
     action          => 'DNAT',
     source          => '$FW',
-    destination     => "$zone:$destination:9000",
+    destination     => "fw:$destination:9000",
     proto           => 'tcp',
     destinationport => '9000',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
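Review bot: The `$FW`-sourced rule now hard-codes `fw` as the DEST zone while the net-sourced rule in the same class still uses `$zone`, so `$zone` no longer describes where `$destination` lives for all rules and the parameter's meaning is split. If this is deliberate because connections the firewall makes to its own external address are treated as fw-zone traffic, a one-line comment above tor-1 such as `# From the firewall itself the relay is reached via the external IP, so DEST stays in the fw zone` is needed; if not, `destination => "$zone:$destination:9000"` should be restored. The closing lines of tor-1 are outside this hunk.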
@@ -33,11 +33,53 @@ class firewall::virtual::tor($destination, $zone = 'fw') {
   shorewall::rule { 'tor-3':
     action          => 'DNAT',
     source          => '$FW',
-    destination     => "$zone:$destination:9001",
+    destination     => "fw:$destination:9001",
     proto           => 'tcp',
     destinationport => '9001',
     originaldest    => hiera('firewall::external_ip', $::ipaddress),
     ratelimit       => '-',
     order           => 2103,
   }
+
+  shorewall::rule { 'tor-4':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9100",
+    proto           => 'tcp',
+    destinationport => '9100',
+    ratelimit       => '-',
+    order           => 2104,
+  }
+
+  shorewall::rule { 'tor-5':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:9100",
+    proto           => 'tcp',
+    destinationport => '9100',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    ratelimit       => '-',
+    order           => 2105,
+  }
+
+  shorewall::rule { 'tor-6':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9101",
+    proto           => 'tcp',
+    destinationport => '9101',
+    ratelimit       => '-',
+    order           => 2106,
+  }
+
+  shorewall::rule { 'tor-7':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:9101",
+    proto           => 'tcp',
+    destinationport => '9101',
+    originaldest    => hiera('firewall::external_ip', $::ipaddress),
+    ratelimit       => '-',
+    order           => 2107,
+  }
 }
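Review bot: The four new rules (tor-4 to tor-7) duplicate the 9000/9001 blocks with only the port changed and in doing so repeat the `hiera('firewall::external_ip', $::ipaddress)` lookup again in this class; hoisting it once at the top of the class, `$external_ip = hiera('firewall::external_ip', $::ipaddress)`, and using `originaldest => $external_ip` in each `$FW` rule keeps every rule pinned to the same address and makes a later change a one-liner. The `$::ipaddress` fallback deserves a caveat: on a host whose primary interface is not the public one it silently pins the DNAT to an internal address, so a comment like `# falls back to the primary interface address; set firewall::external_ip in hiera on multi-homed hosts` next to that lookup would prevent a surprise. tor-4 and tor-6 DNAT 9100/9101 from net with no `originaldest`, matching any address that reaches the net zone, which appears to follow how the earlier net-sourced rules in this class are written but is worth the same note. The `$FW` rules use the hard-coded `fw` zone rather than `$zone`, consistent with the change made earlier in this commit.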