…ination and source
A custom provider should probably be aware that these kind of masks are possible.
Since Linux 3.7+ the "state" module has been removed from the kernel, leaving only the "conntrack" module. This patch adds support for the conntrack module in iptables by adding a new parameter to the firewall type, 'ctstate'. Updates the README to demonstrate using the ctstate parameter instead of state to nudge people to use it instead. This is safe as far as back to Linux kernel 2.6.18, so long as CONFIG_NF_CONNTRACK is enabled.
`rspec-system-puppet` helpers are already included few lines above the deleted line, which by the way would have no effect anyway.
I assume this commit is self-explanatory...