…_centos_6_support

pdksync - (IAC-1787) Remove Support for CentOS 6

In certain situations it is possible for an unmanaged rule to exist on
the target system that has the same comment as the rule specified in
the manifest.

When this condition is true puppet will ignore the the unmanaged rule
and continue to apply the rule in the manifest. This is because the
firewall module uses the comment field in IPT as it's namevar and
therefore expects it to be a unique identifier. In the case of IPT this
is not true given that you can have multiple rules with the same
comment.

This commit adds a check that will identify system rules that have their
comment field set to the same value as a rule in the manifest. If we
enter a situation where any of the duplicate counts are greater than 1
then we will respond with a configurable action. The behaviour of this
can be configured via the onduplicaterulebehaviour parameter.

Here we add a new parameter that determines how the puppet run will
behave if a duplicate system rule is encountered. The default is to
warn and continue.

This commit adds a new section to inform users about how the module will behave when it encounters duplicate rules.

It also inclues a small bit of house keeping.

Co-authored-by: Michael T Lombardi (He/Him) <michael.lombardi@puppet.com>

Prior to this commit there we no test cases to validate our
changes to the module.

This commit adds test cases for each of the configurations for
onduplicaterulebehaviour.

…e_comments_v2

(SEC-944) Handle duplicate system rules

Release prep v3.4.0