VCP - Firewall redesign: cli proposal

[nicolas-fort]

PR contains a general structure of new firewall cli, and why we should me move to it.

[Cheeze-It]

I was looking at this and I wanted to kind of streamline the CLI tree. As always, what I am proposing is just an idea. I very well could be wrong :)

So I was looking at this and I saw these:

    ipv4-filter
    ipv6-filter
    Inet-filter
    bridge-filter
    arp-filter

The first thing I think we could probably do is remove the "-filter" here. I kinda am of the belief that it's redundant at this point as we already know that we're defining a filter. Then we are defining the type of filter (which is what these are doing). I'd like to remove the "-filter" from this level if we can.

If I may ask, why would we need "Inet" as a filter if we already have ipv4 and ipv6?

Lastly, taking a look at the bottom I am thinking it probably would be better to use "modify" as that is what it used to be and I am of the belief it was the easiest to understand what was being done to the packet header (a modification of something). I am thinking that "policy" or "mangle" might not be altogether all that straightforward.