class nodo::role::router inherits nodo::base::appliance {
  # We use monitor class on the router as the DNS server might by
  # inside a vserver and thus cannot access the network devices directly
  include nodo::utils::dns

  # Network auditing
  include nodo::utils::network::analyzer

  # Enable IP forwarding
  augeas { 'enable_ip_forwarding':
    changes => 'set /files/etc/shorewall/shorewall.conf/IP_FORWARDING On',
    lens    => 'Shellvars.lns',
    incl    => '/etc/shorewall/shorewall.conf',
    notify  => Service[shorewall];
  }

  # Make sure shorewall is reloaded after dhcp renew
  file { '/etc/dhcp/dhclient-exit-hooks.d/shorewall':
    ensure => present,
    owner  => root,
    group  => root,
    mode   => 0644,
    source => 'puppet:///modules/site_nodo/dhclient-exit-hooks.d/shorewall'
  }
}