Force firewall chain delete

[cruelsmith]

Flush chain to get rid of unmanaged firewall rules in that chain else the remove of the chain will fail.

---

This PR fixes #1064 where you want to ensure that all unmanaged firewall chains and rules are removed but still want to be able to whitelist unmanaged rules of a chain via ignore or ignore_foreign.
Code to reproduce:

resources { 'firewallchain':
  purge => true,
}

firewallchain { 'INPUT:filter:IPv4':
  purge  => true,
  ignore => [
    '-j fail2ban-', # ignore the fail2ban jump rule
  ],
}

firewallchain { 'fail2ban-sshd:filter:IPv4':
  purge          => true,
  ignore_foreign => true, # ignore not puppet managed rules in this chain
}

Note: A additional resources { 'firewall': purge => true } is not allowed here in this case because firewall will else remove the normally ignored rules by firewallchain.

> puppet agent -t
> iptables -N test
> iptables -I test -j RETURN
> puppet agent -t

With this change the second puppet run will not fail and remove every unmanaged chain like this 'test' chain.

Note: If there is still a reference from a rule outside of the chain that should be removed the puppet resource will fail until this reference has been removed. That means there could be still cases where multiple puppet runs are needed.

---

Fixes #1064

[CLAassistant]

All committers have signed the CLA.

[david22swan]

LGTM

[david22swan]

Thx for the fix, noticed this a while back but never got around to doing it myself.

[pskopnik]

Thanks @cruelsmith!