class firewall::shaping(
  $device         = hiera('firewall::device',         'eth0'),
  $in_bandwidth   = hiera('firewall::in_bandwidth',   '1000mbps'),
  $out_bandwidth  = hiera('firewall::out_bandwidth',  '1000mbps')
) {
  #
  # Traffic shaping
  #
  shorewall::tcdevices { "${device}":
    in_bandwidth  => "$in_bandwidth",
    out_bandwidth => "$out_bandwidth",
  }

  shorewall::tcrules { "ssh-tcp":
    order       => "1",
    source      => "0.0.0.0/0",
    destination => "0.0.0.0/0",
    protocol    => "tcp",
    ports       => "22",
  }

  shorewall::tcrules { "ssh-udp":
    order       => "1",
    source      => "0.0.0.0/0",
    destination => "0.0.0.0/0",
    protocol    => "udp",
    ports       => "22",
  }

  shorewall::tcclasses { "ssh":
    order     => "1",
    interface => "${device}",
    rate      => "4*full/100",
    ceil      => "full",
    priority  => "1",
  }

  shorewall::tcclasses { "default":
    order     => "2",
    interface => "${device}",
    rate      => "6*full/100",
    ceil      => "full",
    priority  => "2",
    options   => "default",
  }
}