In EL7, the iptables service is not installed by default as it is replaced by firewalld. As a result ncm-iptables fails the first time it runs when it tries to restart the iptables service... but probably even worse, it succeeds after the first run because it doesn't try to restart the service if /etc/sysconfig/iptables has not changed... This should clearly be fixed.
Additionally, it is necessary to properly support firewalld, which has a completely different configuration. Does it make sense to have an ncm-systemd approach where a configuration module ncm-firewalld could ingest configuration from ncm-iptables and do what is appropriate to implement the same config with firewalld?
Actions required:
[ ] ensure that ncm-iptables fails as long as it has not run successfully, even if /etc/sysconfig/iptables has not changed.
[ ] add a configuration module ncm-firewalld, possibly implementing ncm-iptables as a legacy configuration, in the same way ncm-systemd does for ncm-chkconfig.
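Added example, not part of the original issue and not ncm-iptables code: a Python model of the first action item, where a "restart pending" marker makes every run fail until one restart has actually succeeded, even when the rules file is unchanged. The names `apply_rules`, `restart-pending` and the injected `restart` callable are assumptions for illustration; in a real component the callable would wrap the service restart.

```python
import os
import tempfile

def apply_rules(rules_path, state_path, new_rules, restart):
    """Write the rules file and restart the service; return True on success.

    A marker at state_path records a restart that is still owed, so a run
    with unchanged rules keeps retrying (and failing) until one succeeds.
    """
    try:
        with open(rules_path) as fh:
            changed = fh.read() != new_rules
    except FileNotFoundError:
        changed = True
    if changed:
        # Record the owed restart before touching the rules file.
        open(state_path, "w").close()
        tmp = rules_path + ".tmp"
        with open(tmp, "w") as fh:
            fh.write(new_rules)
        os.replace(tmp, rules_path)
    if not os.path.exists(state_path):
        return True   # rules unchanged and no restart owed
    if not restart():
        return False  # marker stays in place, so the next run fails too
    os.remove(state_path)
    return True

def demo():
    """Constructed scenario: service missing for two runs, then installed."""
    calls = []
    def broken():
        calls.append("restart")
        return False
    def working():
        calls.append("restart")
        return True
    rules = "*filter\n:INPUT DROP [0:0]\nCOMMIT\n"  # constructed sample rules
    with tempfile.TemporaryDirectory() as d:
        rp = os.path.join(d, "iptables")
        sp = os.path.join(d, "restart-pending")
        results = [apply_rules(rp, sp, rules, broken),
                   apply_rules(rp, sp, rules, broken),
                   apply_rules(rp, sp, rules, working),
                   apply_rules(rp, sp, rules, working)]
    return results, len(calls)

if __name__ == "__main__":
    print(demo())
```

Without the marker, the second run would compare the file, see no change, skip the restart and report success while the host has no active packet filter.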