]> gitweb.fluxo.info Git - puppet-firewall.git/commitdiff
Adding firewall::router::tor
authorSilvio Rhatto <rhatto@riseup.net>
Sun, 16 Jun 2013 22:23:14 +0000 (19:23 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Sun, 16 Jun 2013 22:23:14 +0000 (19:23 -0300)
manifests/router.pp

index 7fa2db39938ae99dfef0d86a85adbe1b8d684f6d..32f9359e2912172f252f56c3c4f3981e08a506de 100644 (file)
@@ -273,6 +273,50 @@ define firewall::router::ssh($destination, $port_orig = '22', $port_dest = '', $
   }
 }
 
+define firewall::router::tor($destination, $zone = 'loc', $originaldest = $ipaddress) {
+  shorewall::rule { "tor-$name-1":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => "9001",
+    ratelimit       => '-',
+    order           => "29001",
+  }
+
+  shorewall::rule { "tor-$name-2":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9001",
+    proto           => 'tcp',
+    destinationport => "9001",
+    originaldest    => "$originaldest",
+    ratelimit       => '-',
+    order           => "29001",
+  }
+
+  shorewall::rule { "tor-$name-3":
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:9030",
+    proto           => 'tcp',
+    destinationport => "9030",
+    ratelimit       => '-',
+    order           => "29030",
+  }
+
+  shorewall::rule { "tor-$name-4":
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "$zone:$destination:9030",
+    proto           => 'tcp',
+    destinationport => "9030",
+    originaldest    => "$originaldest",
+    ratelimit       => '-',
+    order           => "29030",
+  }
+}
+
 define firewall::router::munin($destination, $port_orig, $port_dest = '', $zone = 'loc',
                                $order = '400', $originaldest = $ipaddress) {
   shorewall::rule { "munin-$name-1":
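Review bot: The two `net`-sourced rules (`tor-$name-1` and `tor-$name-3`) set no `originaldest`, unlike the `$FW`-sourced pair, so as far as I know Shorewall will DNAT every tcp/9001 and tcp/9030 connection arriving from `net`, whatever address it was sent to. On a router that also forwards for other public addresses, that would pull their traffic on those ports to `$destination`; adding `originaldest => "$originaldest",` to both rules limits the forward to the intended address. The default `$originaldest = $ipaddress` is whatever single address Facter reports, which on a multi-homed router may not be the external one, so a comment above the define such as `# pass $originaldest explicitly when the public address is not $ipaddress` would help. The ports 9001 and 9030 are hard-coded in three attributes of every rule; parameters such as `$orport = '9001'` and `$dirport = '9030'` would match how `firewall::router::munin` takes its ports and would cover relays on non-default ports.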