A set of scripts and Taskfile to build and manage RouterOS configuration scripts for multiple routers and switches, including support for configuration storage in Vault.
As a Network Engineer
I want to control what traffic enters and leaves VLANs on a network
So that I can limit access to systems as services, as needed.
Description
Currently, the FORWARD chains simply ACCEPT all traffic, which needs to be properly managed. We need a way to generate the address lists and/or rules in the FORWARD chains so they can be deployed and secure the network.
Notes
This will likely be a set of per-VLAN rules, although we probably want a way to group them, especially for some of my networks, which are grouped and will behave the same.
Acceptance Criteria
[x] Update /ip settings and /ipv6 settings to block IP forwarding on non-routing devices.
[x] Create the templates required to generate IPv4 and IPv6 rules.
[x] Create the address lists needed to build the forwarding rules to be deployed.
Creation of rules which enable port-forwarding from external IPs to internal hosts, with rules allowing all internal VLANs to reach the internal IP/port, and support for hairpin NAT where required.
Creation of shared services which allow more general traffic inside the network (e.g. internal web services which should always be available).
Creation of per-VLAN rules which allow control of what traffic should be allowed from each VLAN.
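The following RouterOS v7 script is an added example written for this issue; it is not output of the project's templates. It shows the shape of what the acceptance criteria describe: forwarding switched off on a non-routing device, address lists that name the VLANs and shared services, a FORWARD chain that is default-deny with per-VLAN accepts, and a port-forward with hairpin NAT. The VLAN subnets (10.10.0.0/24, 10.20.0.0/24, 10.30.0.0/24, 2001:db8:10::/64), the public address 203.0.113.10, and an interface list named WAN are all assumed values.

```routeros
# Added example, not the project's generated output. Subnets, hosts, the
# public IP and the "WAN" interface list are assumed for illustration.

# 1. Non-routing devices (access switches) must never forward between
#    VLANs, even if they carry management addresses on several of them.
/ip settings set ip-forward=no
/ipv6 settings set forward=no

# 2. Address lists carry the per-site data; the filter rules below only
#    reference list names, so the same rules deploy to every router.
/ip firewall address-list
add list=vlan-users   address=10.10.0.0/24 comment="user VLAN 10"
add list=vlan-iot     address=10.20.0.0/24 comment="IoT VLAN 20"
add list=vlan-servers address=10.30.0.0/24 comment="server VLAN 30"
add list=internal     address=10.0.0.0/8   comment="all internal VLANs"
add list=shared-web   address=10.30.0.10   comment="internal web service"
add list=pf-web       address=10.30.0.50   comment="port-forwarded web host"

# 3. FORWARD chain. RouterOS evaluates top-down: stateful accepts first,
#    then the narrowest explicit accepts, then a final unconditional drop
#    so any VLAN-to-VLAN flow not listed here is denied.
/ip firewall filter
add chain=forward action=accept connection-state=established,related \
    comment="return traffic for allowed flows"
add chain=forward action=drop connection-state=invalid
# Port-forwarded services: only connections the dstnat chain rewrote and
# that arrived from the internet are allowed through here.
add chain=forward action=accept connection-nat-state=dstnat \
    in-interface-list=WAN comment="port-forwarded services"
# All internal VLANs may reach the forwarded host directly or via hairpin.
add chain=forward action=accept src-address-list=internal \
    dst-address-list=pf-web protocol=tcp dst-port=443
# Shared service that every VLAN should always reach.
add chain=forward action=accept src-address-list=internal \
    dst-address-list=shared-web protocol=tcp dst-port=80,443
# Per-VLAN rules: users get the internet and one IoT management port;
# IoT devices get the internet only and may never initiate to other VLANs.
add chain=forward action=accept src-address-list=vlan-users \
    out-interface-list=WAN comment="users -> internet"
add chain=forward action=accept src-address-list=vlan-users \
    dst-address-list=vlan-iot protocol=tcp dst-port=8123 \
    comment="users -> IoT hub UI"
add chain=forward action=drop src-address-list=vlan-iot \
    dst-address-list=internal comment="IoT never initiates to other VLANs"
add chain=forward action=accept src-address-list=vlan-iot \
    out-interface-list=WAN comment="IoT -> internet"
add chain=forward action=drop comment="default deny"

# 4. Port-forward from the public IP to the internal host. The dst-nat
#    rule matches on the public address regardless of ingress interface,
#    so an internal client using the public name is rewritten too; the
#    srcnat masquerade below makes that hairpin return path symmetric.
/ip firewall nat
add chain=dstnat dst-address=203.0.113.10 protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=10.30.0.50 to-ports=443 \
    comment="public :443 -> pf-web"
add chain=srcnat src-address-list=internal dst-address-list=pf-web \
    protocol=tcp dst-port=443 action=masquerade comment="hairpin NAT"
add chain=srcnat out-interface-list=WAN action=masquerade \
    comment="internet access"

# 5. IPv6 uses the same list-driven pattern; there is no NAT, so the
#    forwarded host simply gets an explicit accept from WAN.
/ipv6 firewall address-list
add list=vlan-users address=2001:db8:10::/64
add list=internal   address=2001:db8::/48
/ipv6 firewall filter
add chain=forward action=accept connection-state=established,related
add chain=forward action=drop connection-state=invalid
add chain=forward action=accept src-address-list=vlan-users \
    out-interface-list=WAN
add chain=forward action=drop comment="default deny"
```

Two points worth checking when the templates generate rules like these: the final `drop` must stay last, because any accept added after it is dead; and the `ip-forward=no` setting belongs only on devices that are never meant to route, since it silently disables all inter-VLAN routing on a router that receives it by mistake.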