class firewall::virtual::mdns($destination, $zone = 'fw') {
  shorewall::rule { 'mdns-0':
    action          => 'DNAT',
    source          => 'net',
    destination     => "$zone:$destination:5353",
    proto           => 'tcp',
    destinationport => '5353',
    ratelimit       => '-',
    order           => 2700,
  }
}