Add iptables config customization package support for Debian

This package adds the configuration files needed to start the iptables
and ip6tables services. On Debian bullseye the filtering is
implemented with nftables, with iptables and ip6tables being aliases
the former.

Test plan:
PASS: build starlingx-debian ISO
PASS: install starlingx-debian ISO on virtualbox

Story: 2009965
Task: 45082

Signed-off-by: Andre Fernando Zanella Kantek <AndreFernandoZanella.Kantek@windriver.com>
Change-Id: Idd4e86ba671c34e872a00288ca126aee6deaa5b5

debian_pkg_dirs

@@ -4,6 +4,7 @@ dhcp-config
 dnsmasq-config
 docker-config
 initscripts-config
+iptables-config
 lighttpd-config
 lvm2-config
 memcached-custom

iptables-config/debian/deb_folder/changelog

@@ -0,0 +1,5 @@
+iptables-config (1.0-1) unstable; urgency=medium
+
+  * Initial release
+
+ -- Andre Kantek <AndreFernandoZanella.Kantek@windriver.com>  Wed, 13 Apr 2022 08:50:58 -0300

iptables-config/debian/deb_folder/control

@@ -0,0 +1,13 @@
+Source: iptables-config
+Section: admin
+Priority: optional
+Maintainer: StarlingX Developers <starlingx-discuss@lists.starlingx.io>
+Build-Depends: debhelper-compat (= 13)
+Standards-Version: 4.4.1
+Homepage: https://www.starlingx.io
+
+Package: iptables-config
+Architecture: any
+Depends: ${misc:Depends}, iptables, iptables-persistent, nftables
+Description: StarlingX configuration files - iptables-config
+ Package of iptables-config to system folder.

iptables-config/debian/deb_folder/copyright

@@ -0,0 +1,27 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: iptables-config
+Source: https://opendev.org/starlingx/config-files
+
+Files: *
+Copyright: (c) 2013-2021 Wind River Systems, Inc
+License: Apache-2
+
+Files: debian/*
+Copyright: 2021 Wind River Systems, Inc
+License: Apache-2
+
+License: Apache-2
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+ .
+    https://www.apache.org/licenses/LICENSE-2.0
+ .
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ .
+ On Debian-based systems the full text of the Apache version 2.0 license
+ can be found in `/usr/share/common-licenses/Apache-2.0'.

iptables-config/debian/deb_folder/iptables-config.install

@@ -0,0 +1,2 @@
+iptables.rules usr/share/starlingx
+ip6tables.rules usr/share/starlingx

iptables-config/debian/deb_folder/postinst

@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -e
+
+cp -f /usr/share/starlingx/iptables.rules /etc/iptables/rules.v4
+chmod 600 /etc/iptables/rules.v4
+cp -f /usr/share/starlingx/ip6tables.rules /etc/iptables/rules.v6
+chmod 600 /etc/iptables/rules.v6
+
+systemctl unmask nftables.service
+systemctl enable nftables.service >/dev/null 2>&1 || :
+
+systemctl unmask iptables.service ip6tables.service
+systemctl enable iptables.service ip6tables.service >/dev/null 2>&1 || :
+
+#DEBHELPER#

iptables-config/debian/deb_folder/rules

@@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+#export DH_VERBOSE = 1
+
+%:
+	dh $@

iptables-config/debian/deb_folder/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

iptables-config/debian/meta_data.yaml

@@ -0,0 +1,7 @@
+---
+debname: iptables-config
+debver: 1.0-1
+src_path: source-debian
+revision:
+  dist: $STX_DIST
+  PKG_GITREVCOUNT: true

iptables-config/source-debian/ip6tables.rules

@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT

iptables-config/source-debian/iptables.rules

@@ -0,0 +1,8 @@
+# system default rules
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+:INPUT-custom-pre - [0:0]
+:INPUT-custom-post - [0:0]
+COMMIT