class firewall::wifi (
  $shorewall_local_net = false,
  $wifi_device         = '',
) {
  $rfc1918 = $shorewall_local_net ? {
    true    => true,
    false   => false,
    default => false,
  }

  # Default device depends if madwifi or
  # built-in kernel driver is being used
  $wifi_default_device = $lsbdistcodename ? {
    'lenny' => 'ath0',
    default => 'wlan0',
  }

  $wifi_dev = $wifi_device ? {
    ''      => $wifi_default_device,
    default => $wifi_device,
  }

  #
  # Interfaces
  #
  shorewall::interface { "$wifi_dev":
   zone    => '-',
   rfc1918 => $rfc1918,
  }

  #
  # Hosts
  #
  shorewall::host { "$wifi_dev-subnet":
    name    => "$wifi_dev:192.168.0.0/24",
    zone    => 'vm',
    options => '',
    order   => 1,
  }

  shorewall::host { "$wifi_dev":
    name    => "$wifi_dev:0.0.0.0/0",
    zone    => 'net',
    options => '',
    order   => 2,
  }

  shorewall::masq { "$wifi_dev":
    interface => "$wifi_dev:!192.168.0.0/24",
    source    => '192.168.0.0/24',
    order     => 1,
  }
}