From: intrigeri <intrigeri@boum.org>
Date: Wed, 2 Jan 2013 17:01:43 +0000 (+0100)
Subject: Revert "Allow redirecting DNS requests to Tor for specific users or globally."
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=88fa544a9c2f974b35a169b4e3865ccaf4f68fd1;p=puppet-shorewall.git

Revert "Allow redirecting DNS requests to Tor for specific users or globally."

This reverts commit 0c28fa636653f395c756f56c93f8c78fddfcee00.

This stuff is not ready for the shared repo, but we want to take benefit from me
having already merged immerda's stuff into my branch and solved the conflicts.
---

diff --git a/README b/README
index 07c50f2..cb4424f 100644
--- a/README
+++ b/README
@@ -110,18 +110,7 @@ rejected. This is intentional: it does not make sense leaking -via DNS
 requests- network activity that would otherwise be torified. In that
 case you probably want to read proper documentation about such
 matters, enable the Tor DNS resolver and redirect DNS requests through
-it,
-
-either globally:
-
-  shorewall::rules::torify::redirect_dns_to_tor { '-': }
-
-or for specific users:
-
-  shorewall::rules::torify::redirect_dns_to_tor { ['bob', 'alice' ]: }
-
-The $tor_dns_host and $tor_dns_port variables must be set before
-these defines are setup.
+it.
 
 Example
 -------
diff --git a/manifests/init.pp b/manifests/init.pp
index a446253..dd28767 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -27,12 +27,6 @@ class shorewall(
   case $tor_transparent_proxy_port {
     '': { $tor_transparent_proxy_port = '9040' }
   }
-  case $tor_dns_host {
-    '': { $tor_dns_host = '127.0.0.1' }
-  }
-  case $tor_dns_port {
-    '': { $tor_dns_port = '8853' }
-  }
   if $tor_user == '' {
     $tor_user = $dist_tor_user ? {
       ''      => 'tor',
diff --git a/manifests/rules/torify/redirect_dns_to_tor.pp b/manifests/rules/torify/redirect_dns_to_tor.pp
deleted file mode 100644
index 9c71204..0000000
--- a/manifests/rules/torify/redirect_dns_to_tor.pp
+++ /dev/null
@@ -1,38 +0,0 @@
-define shorewall::rules::torify::redirect_dns_to_tor() {
-
-  $user = $name
-
-  $destzone = $shorewall::tor_dns_host ? {
-    '127.0.0.1' => '$FW',
-    default     => 'net'
-  }
-
-  $tcp_rule = "redirect-tcp-dns-to-tor-user=${user}"
-  if !defined(Shorewall::Rule["$tcp_rule"]) {
-    shorewall::rule {
-      "$tcp_rule":
-        source          => '$FW',
-        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
-        proto           => 'tcp',
-        destinationport => 'domain',
-        user            => $user,
-        order           => 108,
-        action          => 'DNAT';
-    }
-  }
-
-  $udp_rule = "redirect-udp-dns-to-tor-user=${user}"
-  if !defined(Shorewall::Rule["$udp_rule"]) {
-    shorewall::rule {
-      "$udp_rule":
-        source          => '$FW',
-        destination     => "${destzone}:${shorewall::tor_dns_host}:${shorewall::tor_dns_port}",
-        proto           => 'udp',
-        destinationport => 'domain',
-        user            => $user,
-        order           => 108,
-        action          => 'DNAT';
-    }
-  }
-
-}