puppet nftables

Révision e53053ce

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more
obvious to understand what order to choose.

An example resulting table ends up reading as:

```
HASH Start of fragment order:00 default_in header
chain default_in {
HASH Start of fragment order:50 rulename:default_in-dhcpv6_client
ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 accept
HASH Start of fragment order:50 rulename:default_in-ssh
tcp dport {22} accept
HASH Start of fragment order:90 rulename:default_in-drop_broadcasts
meta pkttype broadcast counter drop
HASH Start of fragment order:99 default_in footer
}

```

In addition there is a new test `nftables::rule`. This includes
a pending test since I would assume setting source and content
on a rule should be an error however this currently not the case.

      $fragment = "nftables-${table}-chain-${data[0]}-rule-${data[1]}"

    }

    concat::fragment{"${fragment}_header":

      content => "#   Start of fragment order:${order} rulename:${rulename}",

      order   => "${order}${fragment}a",

      target  => "nftables-${table}-chain-${data[0]}",

    }

    concat::fragment{

      $fragment:

        order  => $order,

        order  => "${order}${fragment}b",

        target => "nftables-${table}-chain-${data[0]}",

    }

Formats disponibles : Unified diff