puppet nftables

Révision e53053ce

Add comments for all the nftable::rules entries

For each nftable::rule this adds an extra concat fragment to
add a comment containing the name and order number for the rule.

The motivation here is to make the mapping from resulting rules back
to puppet code more obvious. When adding a new rule it should be more
obvious to understand what order to choose.

An example resulting table ends up reading as:

```
HASH Start of fragment order:00 default_in header
chain default_in {
HASH Start of fragment order:50 rulename:default_in-dhcpv6_client
ip6 saddr fe80::/10 ip6 daddr fe80::/10 udp sport 547 udp dport 546 accept
HASH Start of fragment order:50 rulename:default_in-ssh
tcp dport {22} accept
HASH Start of fragment order:90 rulename:default_in-drop_broadcasts
meta pkttype broadcast counter drop
HASH Start of fragment order:99 default_in footer
}

```

In addition there is a new test `nftables::rule`. This includes
a pending test since I would assume setting source and content
on a rule should be an error however this currently not the case.

        is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-bridge_br0_br0').with(

          target:  'nftables-inet-filter-chain-default_fwd',

          content: %r{^  iifname br0 oifname br0 accept$},

          order:   '08',

          order:   '08nftables-inet-filter-chain-default_fwd-rule-bridge_br0_br0b',

        )

      }

      it {

        is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-rule-bridge_br1_br1').with(

          target:  'nftables-inet-filter-chain-default_fwd',

          content: %r{^  iifname br1 oifname br1 accept$},

          order:   '08',

          order:   '08nftables-inet-filter-chain-default_fwd-rule-bridge_br1_br1b',

        )

      }

      it { is_expected.not_to contain_concat__fragment('nftables-inet-filter-chain-default_fwd-bridge_br0_br1') }

Formats disponibles : Unified diff