freedomofpress / securedrop

GitHub repository for the SecureDrop whistleblower platform. Do not submit tips here!
https://securedrop.org/

Ensure recent iptables changes have corresponding tests #1073

Closed conorsch closed 7 years ago

conorsch commented 9 years ago

The iptables changes in #1053 have made it into master via release/0.3.4, but haven't been merged into develop yet. There are four major components to the iptables changes:

  1. add IPv6 rules with DROP as the default chain policy
  2. update IPv4 rules with DROP as the default chain policy
  3. add interface restrictions to the staging SSH rules
  4. re-enable rate limiting for SSH over Tor

When backporting the changes, new serverspec tests should be added to validate the updated config. Therefore #1070 should be merged into develop before the iptables fixes are backported.

Attempting a standard merge from the feature branch used for #1053 results in a dozen or so merge conflicts, mostly related to documentation. It'd be cleaner to cherry-pick the following four commits, straight from #1053:
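The four properties listed in the comment above are exactly what a test over the rendered ruleset has to assert. The block below is an added example and is not code from the SecureDrop repository or its serverspec suite: it is plain Ruby that parses `iptables-save`-style output and checks, for a given SSH interface, that every built-in filter chain defaults to DROP, that every rule accepting SSH is bound to that interface, and that those rules carry a rate-limiting match. The rulesets, the interface name `eth1` and the `3/min` limit are constructed sample values, not SecureDrop's actual rules.

```ruby
# Added example (not SecureDrop code): audit an iptables-save style ruleset
# for the four properties the issue lists. All rulesets below are constructed.

# Constructed IPv4 ruleset with the fixes applied: DROP defaults, SSH accepted
# only on the admin interface eth1 and only under a rate limit.
GOOD_IPV4_RULESET = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT DROP [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
  -A OUTPUT -o lo -j ACCEPT
  -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  COMMIT
RULES

# Constructed "before the fix" ruleset: FORWARD still ACCEPTs, and SSH is
# accepted on any interface with no rate limit.
WEAK_IPV4_RULESET = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :FORWARD ACCEPT [0:0]
  :OUTPUT DROP [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  COMMIT
RULES

# Constructed IPv6 ruleset: nothing but loopback, everything else dropped.
IPV6_RULESET = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT DROP [0:0]
  -A INPUT -i lo -j ACCEPT
  -A OUTPUT -o lo -j ACCEPT
  COMMIT
RULES

Chain = Struct.new(:policy, :rules)
BUILTIN_CHAINS = %w[INPUT FORWARD OUTPUT].freeze

# Parse ":CHAIN POLICY [pkts:bytes]" headers and "-A CHAIN ..." rules into
# a Hash of chain name => Chain(policy, rule strings).
def parse_ruleset(text)
  chains = {}
  text.each_line do |raw|
    line = raw.strip
    case line
    when /\A:(\S+)\s+(\S+)/ then chains[$1] = Chain.new($2, [])
    when /\A-A (\S+) (.*)\z/ then chains.fetch($1).rules << $2
    end
  end
  chains
end

# Properties 1 and 2: every built-in filter chain has DROP as default policy.
def default_policy_drop?(chains)
  BUILTIN_CHAINS.all? { |c| chains[c] && chains[c].policy == "DROP" }
end

# INPUT rules that accept traffic to TCP port 22.
def ssh_accept_rules(chains)
  return [] unless chains["INPUT"]
  chains["INPUT"].rules.select { |r| r =~ /--dport 22\b/ && r =~ /-j ACCEPT\z/ }
end

# Property 3: SSH is accepted only when the rule is bound to `iface`.
def ssh_accepts_only_on?(chains, iface)
  accepts = ssh_accept_rules(chains)
  !accepts.empty? && accepts.all? { |r| r =~ /-i #{Regexp.escape(iface)}\b/ }
end

# Property 4: every SSH ACCEPT rule carries a rate-limiting match module.
def ssh_rate_limited?(chains)
  accepts = ssh_accept_rules(chains)
  !accepts.empty? && accepts.all? { |r| r =~ /-m (limit|recent)\b/ }
end

# Run all checks over one ruleset and report each property separately so a
# failing test names the regression rather than just "firewall wrong".
def audit_ruleset(text, ssh_iface)
  chains = parse_ruleset(text)
  {
    default_drop: default_policy_drop?(chains),
    ssh_interface_bound: ssh_accepts_only_on?(chains, ssh_iface),
    ssh_rate_limited: ssh_rate_limited?(chains),
  }
end

if __FILE__ == $0
  puts "fixed ruleset:  #{audit_ruleset(GOOD_IPV4_RULESET, 'eth1')}"
  puts "weak ruleset:   #{audit_ruleset(WEAK_IPV4_RULESET, 'eth1')}"
  puts "ipv6 drop-all:  #{default_policy_drop?(parse_ruleset(IPV6_RULESET))}"
end
```

In a real test run the ruleset text would come from `iptables-save` and `ip6tables-save` on the staging host instead of the constructed constants, and each property would become its own serverspec example so CI output points at the specific rule that regressed.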

conorsch commented 9 years ago

All of these commits are present in #1075. Leaving this issue open until #1075 is closed.

garrettr commented 9 years ago

@conorsch #1075 is closed, so the iptables changes from the last iSec audit are now included in develop. Do you want to re-purpose this issue for updating the spec tests to fit the new rules, or should we close this issue and open a new one for that?

conorsch commented 9 years ago

@garrettr Changes are backported, but are untested. Repurposing this issue to track the tests. Will add tests for the issues to #1070.

conorsch commented 7 years ago

Resolved by #1616. We now test the entire iptables ruleset for staging hosts, both locally and as part of CI (#1666).