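# == Class: firewall::local
#
# Puts a local network into the Shorewall 'loc' zone and declares the
# policies that involve that zone.
#
# === Parameters
#
# [*network*]
#   Network that is added to the 'loc' zone. Hiera key
#   'nodo::firewall::local::network', default '192.168.1.0/24'.
#
# [*interface*]
#   Interface the local network is attached to. Hiera key
#   'nodo::firewall::local::interface', default 'eth0'.
#
# [*manage_host*]
#   When true, declare the shorewall::host entry "<interface>:<network>"
#   in zone 'loc'. Hiera key 'nodo::firewall::local::manage_host',
#   default true.
#
# [*manage_interface*]
#   When true, declare the shorewall::interface entry for the interface in
#   zone 'loc'. Default false.
#   NOTE(review): the Hiera key is 'nodo::firewall::local::manage_iface',
#   which does not match the parameter name. It is kept as is so existing
#   Hiera data keeps working.
#
# === Security notes
#
# All three policies below are ACCEPT, so every host that matches
# $network on $interface is fully trusted: 'loc-all' lets it open
# connections to every other zone (in Shorewall, 'all' as a destination
# normally includes the firewall itself -- confirm against the Shorewall
# version in use). Keep $network as narrow as the deployment allows and
# put explicit rules in front of these policies for anything that should
# not be reachable from the local network.
#
# $interface and $network are written into the Shorewall configuration
# without validation here; they are expected to come from trusted Hiera
# data.
#
class firewall::local(
  $network          = hiera('nodo::firewall::local::network', '192.168.1.0/24'),
  $interface        = hiera('nodo::firewall::local::interface', 'eth0'),
  # Puppet boolean literals are lowercase; a capitalized bareword is parsed
  # as a type/class reference rather than a boolean.
  $manage_host      = hiera('nodo::firewall::local::manage_host', true),
  $manage_interface = hiera('nodo::firewall::local::manage_iface', false)
) {

  if $manage_host {
    # Braces make the variable boundaries explicit; an unbraced
    # "$interface-loc" is ambiguous on Puppet versions that accept hyphens
    # in variable names.
    shorewall::host { "${interface}-loc":
      name    => "${interface}:${network}",
      zone    => 'loc',
      options => '',
      order   => 3,
    }
  }

  if $manage_interface {
    # 'routeback' lets traffic that arrives on this interface be routed
    # back out of it. What the rfc1918 and dhcp flags expand to is decided
    # by shorewall::interface, which is not part of this file.
    shorewall::interface { $interface:
      zone    => 'loc',
      rfc1918 => true,
      dhcp    => true,
      options => 'routeback',
    }
  }

  # Local network -> any zone: accepted by default.
  shorewall::policy { 'loc-all':
    sourcezone      => 'loc',
    destinationzone => 'all',
    policy          => 'ACCEPT',
    order           => 5,
  }

  # 'vm' zone -> local network: accepted by default. The 'vm' zone is not
  # declared in this class.
  shorewall::policy { 'vm-loc':
    sourcezone      => 'vm',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => 6,
  }

  # Firewall host -> local network: accepted by default. '$FW' is single
  # quoted on purpose so Puppet passes the literal Shorewall variable
  # through instead of interpolating it.
  shorewall::policy { 'fw-loc':
    sourcezone      => '$FW',
    destinationzone => 'loc',
    policy          => 'ACCEPT',
    order           => 7,
  }
}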