define shorewall::rules::torify::reject_non_tor( $user = '-', $originaldest = '-', $allow_rfc1918 = true ){ # hash the destination as it may contain slashes $originaldest_sha1 = sha1($originaldest) $rule = "reject-non-tor-from-${user}-to=${originaldest_sha1}" if $originaldest == '-' { $originaldest_real = $allow_rfc1918 ? { false => '!127.0.0.1', default => '!127.0.0.1,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16', } } else { $originaldest_real = $originaldest } if !defined(Shorewall::Rule["$rule"]) { shorewall::rule { "$rule": source => '$FW', destination => 'all', originaldest => $originaldest_real, user => $user, order => 120, action => 'REJECT'; } } }