TRITON-75 Allow firewall rules to be applied in order of priority (sy…

…nc w/ smartos-live)

TRITON-77 Add support for ESP and AH protocols in firewall rules (sync w/ smartos-live)
TRITON-95 Failure to write ipf(6).conf for a zone shouldn't block reloading other zones' firewalls (sync w/ smartos-live)
Reviewed by: Alex Wilson <alex.wilson@joyent.com>
Approved by: Alex Wilson <alex.wilson@joyent.com>

deps/fw/lib/rvm.js

@@ -20,7 +20,7 @@
  *
  * CDDL HEADER END
  *
- * Copyright (c) 2013, Joyent, Inc. All rights reserved.
+ * Copyright 2016, Joyent, Inc. All rights reserved.
  *
  *
  * fwadm: functions for manipulating remote VMs

deps/fw/lib/util/log.js

@@ -32,7 +32,7 @@ var events = require('events');
 var fs = require('fs');
 var mkdirp = require('mkdirp');
 var mod_obj = require('./obj');
-var mod_uuid = require('node-uuid');
+var mod_uuid = require('uuid');
 var path = require('path');
 var sprintf = require('extsprintf').sprintf;
 var util = require('util');

deps/fw/lib/util/vm.js

@@ -26,7 +26,7 @@
  * fwadm: shared VM logic
  */
 
-var mod_net = require('net');
+var mod_addr = require('ip6addr');
 var mod_obj = require('./obj');
 var VError = require('verror').VError;
 
@@ -64,6 +64,9 @@ function notAuto(i) {
     return (i !== 'dhcp') && (i !== 'addrconf');
 }
 
+function toStr(o) {
+    return o.toString();
+}
 
 
 // --- Exports
@@ -111,15 +114,17 @@ function createRemoteVM(vm) {
         });
     }
 
-    rvm.ips = Object.keys(ips).sort();
-
-    rvm.ips.forEach(function (ip) {
-        if (!mod_net.isIPv4(ip) && !mod_net.isIPv6(ip)) {
+    function parseIP(ip) {
+        try {
+            return mod_addr.parse(ip);
+        } catch (_) {
             err = new VError('Invalid IP address: %s', ip);
             err.details = vm;
             throw err;
         }
-    });
+    }
+
+    rvm.ips = Object.keys(ips).map(parseIP).sort(mod_addr.compare).map(toStr);
 
     if (hasKey(vm, 'tags') && !objEmpty(vm.tags)) {
         rvm.tags = {};