class firewall::local($network = '192.168.1.0/24', $interface = 'eth0', $manage_host = true, $manage_interface = false) {

  if $manage_host {
    shorewall::host { "$interface-loc":
      name    => "$interface:$network",
      zone    => 'loc',
      options => '',
      order   => '3',
    }
  }

  if $manage_interface {
    shorewall::interface { "$interface":
      zone    => 'loc',
      rfc1918 => true,
      dhcp    => true,
      options => 'routeback',
    }
  }

  shorewall::policy { 'loc-all':
    sourcezone      => 'loc',
    destinationzone => 'all',
    policy          => 'ACCEPT',
    order           => '5',
  }

  shorewall::policy { 'vm-loc':
    sourcezone      => 'vm',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => '6',
  }

  shorewall::policy { 'fw-loc':
    sourcezone      => '$FW',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => '7',
  }

  shorewall::zone { 'loc':
    type  => 'ipv4',
    order => '4',
  }
}