feat: Apply firewall config for multiple bridges and IPv6

[bschimke95]

Add a new bridges input parameter to allow specifying a comma-separated list of LXD bridges for iptables configuration. This makes the action more flexible for setups with multiple bridge interfaces.

Also, extends the firewall configuration for IPv6

[tomponline]

Nice thanks!

[tomponline]

@bschimke95 needs to be signed off please

[bschimke95]

Thanks, that was a quick review :)

Can we do a release with that change or should I use the commit?

[bschimke95]

Test run using the multiple bridges input: https://github.com/canonical/k8s-snap/actions/runs/14901878737/job/41856443865?pr=1422#step:8:108

[tomponline]

I'm happy to make a release, but will wait for @simondeziel review first.

[simondeziel]

Thanks, LGTM but I have a tiny question.

[simondeziel]

Is that because the IPv6 chain might be missing? If so, how about having another if block to check for its existence and move the bridges array out of the conditional blocks?

[bschimke95]

Yes, this essentially applies the rules on a best-effort basis, and it's not a problem if some steps fail — they can fail, for example, if:

• the DOCKER-USER chain doesn’t exist, or
• iptables or ip6tables aren’t available on the system.

I feel that adding conditional checks would make this section unnecessarily complex, but I’m happy to include them if you think it’s worthwhile.

[simondeziel]

The if sudo iptables -L DOCKER-USER; then condition validates that both the tool and the chain are there so I've opened up #29 to do so.

[bschimke95]

Hey @simondeziel
I hope you had a great sprint and safe travels back home.
Is there anything else for this PR to land or can we go ahead and merge this? :)