This repository has been archived by the owner on Jun 11, 2019. It is now read-only.

New iptables module defaults #34

Open
alvagante opened this issue Oct 6, 2013 · 3 comments

Comments

@alvagante
Member

Some comments on the default rules that are generated with the new iptables module:
1- There's no longer a failsafe ssh rule:
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
This can be dangerous; I'd keep the option that inserts it and enable it by default.

2- There's no rule to manage ESTABLISHED connections:
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
I've always considered them safe and useful.

@Freeaqingme

  1. We could put in the failsafe ssh, but as mentioned previously it's hard to get right. If we put it too high, someone can't prevent a brute-force attack. Put it too low, and someone may put an unwanted DROP/REJECT rule above it.
    I could add something that puts it on top, but with the downside that someone can't prevent any form of brute-force attack.
  2. Did you read the readme.md? There are some defaults mentioned that I'd suggest (for some reason the markup is flaky):
  class { 'iptables': }

  include iptables::ruleset::related_established
  include iptables::ruleset::broadcast
  include iptables::ruleset::multicast
  include iptables::ruleset::security

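The ordering problem raised in the comment above (a failsafe ssh ACCEPT placed above a brute-force limit makes the limit dead; placed below a DROP it is dead itself) comes down to iptables' first-match evaluation. The following is an added example, not code from this issue or from the puppet-iptables module: a small first-match model of an INPUT chain with the three rule kinds the thread mentions (a RELATED,ESTABLISHED accept, a port-22 accept, and a simplified "-m recent --hitcount"-style limit), run over constructed traffic in the three orderings discussed. Rule and packet values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Packet:
    src: str
    dport: int
    state: str          # simplified conntrack state: "NEW", "ESTABLISHED", "RELATED"


@dataclass
class Rule:
    target: str                        # ACCEPT, DROP or REJECT
    dport: Optional[int] = None        # like "-p tcp --dport N"; None = any port
    states: Optional[Set[str]] = None  # like "-m state --state A,B"; None = any state
    hitcount: Optional[int] = None     # simplified "-m recent --update --hitcount N":
                                       # matches from the N-th packet of a source
                                       # that reaches this rule (no time window)


class Chain:
    """A chain is walked top to bottom; the first matching rule gives the verdict."""

    def __init__(self, rules: List[Rule], policy: str = "DROP"):
        self.rules = rules
        self.policy = policy
        self._seen: Dict[Tuple[int, str], int] = {}  # (rule index, src) -> hits

    def verdict(self, pkt: Packet) -> str:
        for idx, rule in enumerate(self.rules):
            if rule.dport is not None and pkt.dport != rule.dport:
                continue
            if rule.states is not None and pkt.state not in rule.states:
                continue
            if rule.hitcount is not None:
                key = (idx, pkt.src)
                self._seen[key] = self._seen.get(key, 0) + 1
                if self._seen[key] < rule.hitcount:
                    continue          # below the limit: fall through to later rules
            return rule.target
        return self.policy            # nothing matched: chain policy applies


def simulate(rules: List[Rule], packets: List[Packet]) -> List[str]:
    """Return the verdict for each packet, in order, against a fresh chain."""
    chain = Chain(rules)
    return [chain.verdict(p) for p in packets]


# Rules discussed in the thread (constructed here, not taken from the module).
RELATED_ESTABLISHED = Rule("ACCEPT", states={"RELATED", "ESTABLISHED"})
SSH_FAILSAFE = Rule("ACCEPT", dport=22)
SSH_LIMIT_DROP = Rule("DROP", dport=22, states={"NEW"}, hitcount=4)
SSH_DROP_ALL = Rule("DROP", dport=22)        # the "unwanted DROP" case

# Constructed traffic: six new SSH connections from one source, then one packet
# of an already established session from the same source.
NEW_SSH = [Packet("198.51.100.7", 22, "NEW") for _ in range(6)]
ESTABLISHED_SSH = [Packet("198.51.100.7", 22, "ESTABLISHED")]


def failsafe_on_top() -> List[str]:
    """Failsafe above the limit rule: the limit can never match (all ACCEPT)."""
    return simulate([SSH_FAILSAFE, SSH_LIMIT_DROP], NEW_SSH)


def failsafe_below_drop() -> List[str]:
    """A DROP above the failsafe: the failsafe never matches (all DROP)."""
    return simulate([SSH_DROP_ALL, SSH_FAILSAFE], NEW_SSH)


def recommended_order() -> List[str]:
    """RELATED,ESTABLISHED first, then the limit, then the failsafe:
    the first three new connections pass, later ones are dropped, and
    established traffic is always accepted."""
    rules = [RELATED_ESTABLISHED, SSH_LIMIT_DROP, SSH_FAILSAFE]
    return simulate(rules, NEW_SSH + ESTABLISHED_SSH)


if __name__ == "__main__":
    print("failsafe on top:     ", failsafe_on_top())
    print("failsafe below DROP: ", failsafe_below_drop())
    print("recommended order:   ", recommended_order())
```

The model deliberately ignores the time window of the real recent match and the separate `--set` rule it needs; the point it shows is only that the position of the failsafe relative to the limit and to any DROP decides whether either of them ever fires.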
Freeaqingme added a commit to Freeaqingme/puppet-iptables-ex42 that referenced this issue Oct 8, 2013
@Freeaqingme

@example42 See #40

@Freeaqingme

See #43

Propose to => close
