class firewall::router::torrent(
  $destination,
  $zone         = 'loc',
  $originaldest = $ipaddress,
  $range        = hiera('firewall::torrent::range', '6881:6999')
) {
  shorewall::rule { "torrent-tcp-1":
    action          => 'DNAT',
    source          => 'net',
    destination     => "$zone:$destination",
    proto           => 'tcp',
    destinationport => "$range",
    ratelimit       => '-',
    order           => 200,
  }

  shorewall::rule { "torrent-tcp-2":
    action          => 'DNAT',
    source          => 'all',
    destination     => "$zone:$destination",
    proto           => 'tcp',
    destinationport => "$range",
    originaldest    => "$originaldest",
    ratelimit       => '-',
    order           => 200,
  }

  shorewall::rule { "torrent-udp-1":
    action          => 'DNAT',
    source          => 'net',
    destination     => "$zone:$destination",
    proto           => 'udp',
    destinationport => "$range",
    ratelimit       => '-',
    order           => 201,
  }

  shorewall::rule { "torrent-udp-2":
    action          => 'DNAT',
    source          => 'all',
    destination     => "$zone:$destination",
    proto           => 'udp',
    destinationport => "6881:6999",
    originaldest    => "$originaldest",
    ratelimit       => '-',
    order           => 201,
  }
}