
T6760: firewall: add packet modifications existing in policy route to regular firewall ruleset. #4123

Merged (1 commit, Oct 4, 2024)

Conversation

nicolas-fort
Contributor

Change Summary

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes)
  • Migration from an old Vyatta component to vyos-1x, please link to related PR inside obsoleted component
  • Other (please describe):

Related Task(s)

Related PR(s)

Component(s) name

firewall

Proposed changes

Extend capabilities present in set policy [route | route6 ] <policy_name> rule <rule_id> set ... to firewall rules.
In policy route this writes rules in the "Prerouting mangle" chain/priority. This PR includes extending those options to the firewall ruleset at different chains and priorities, adding more flexibility.

How to test

Configuration example:

vyos@ROCK# run show config comm | grep firewall
set firewall bridge forward filter rule 1 action 'accept'
set firewall bridge forward filter rule 1 set connection-mark '123123'
set firewall bridge forward filter rule 1 set hop-limit '44'
set firewall bridge forward filter rule 1 source address '2::1/128'
set firewall bridge forward filter rule 2 action 'accept'
set firewall bridge forward filter rule 2 set ttl '128'
set firewall bridge forward filter rule 2 vlan priority '5'
set firewall ipv4 forward filter rule 1 action 'accept'
set firewall ipv4 forward filter rule 1 destination address '192.0.2.0/24'
set firewall ipv4 forward filter rule 1 set connection-mark '123123'
set firewall ipv4 forward filter rule 1 set dscp '32'
set firewall ipv4 forward filter rule 1 set ttl '155'
set firewall ipv4 prerouting raw rule 10 action 'accept'
set firewall ipv4 prerouting raw rule 10 set dscp '7'
set firewall ipv4 prerouting raw rule 10 set ttl '233'
set firewall ipv4 prerouting raw rule 101 action 'notrack'
set firewall ipv4 prerouting raw rule 101 destination port '23'
set firewall ipv4 prerouting raw rule 101 protocol 'tcp'
set firewall ipv4 prerouting raw rule 101 set mark '55'
set firewall ipv6 prerouting raw rule 1 action 'drop'
set firewall ipv6 prerouting raw rule 1 destination port '23'
set firewall ipv6 prerouting raw rule 1 protocol 'tcp'
set firewall ipv6 prerouting raw rule 1 set hop-limit '79'
[edit]
vyos@ROCK# 

Smoketest result

test_firewall.py --> OK
test_policy_route.py --> OK

Checklist:

  • I have read the CONTRIBUTING document
  • I have linked this PR to one or more Phabricator Task(s)
  • I have run the components SMOKETESTS if applicable
  • My commit headlines contain a valid Task id
  • My change requires a change to the documentation
  • I have updated the documentation accordingly
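To review what this change lets a ruleset do, it helps to inventory which firewall rules carry packet modifications and in which hook/priority they sit. The script below is an added example, not VyOS code: it parses the `set firewall ... rule <id> ...` CLI lines from the "How to test" section above (embedded here as constructed sample input), separates match criteria from `set` modifications, and reports rules that rewrite header fields without any match criteria or with values outside the protocol ranges. The value ranges (TTL and hop-limit 1-255, DSCP 0-63) and the "no match criteria" heuristic are this example's own assumptions, not VyOS validation logic.

```python
import re

# Constructed sample input: the firewall lines from the PR's "How to test" section.
SAMPLE_CONFIG = """
set firewall bridge forward filter rule 1 action 'accept'
set firewall bridge forward filter rule 1 set connection-mark '123123'
set firewall bridge forward filter rule 1 set hop-limit '44'
set firewall bridge forward filter rule 1 source address '2::1/128'
set firewall bridge forward filter rule 2 action 'accept'
set firewall bridge forward filter rule 2 set ttl '128'
set firewall bridge forward filter rule 2 vlan priority '5'
set firewall ipv4 forward filter rule 1 action 'accept'
set firewall ipv4 forward filter rule 1 destination address '192.0.2.0/24'
set firewall ipv4 forward filter rule 1 set connection-mark '123123'
set firewall ipv4 forward filter rule 1 set dscp '32'
set firewall ipv4 forward filter rule 1 set ttl '155'
set firewall ipv4 prerouting raw rule 10 action 'accept'
set firewall ipv4 prerouting raw rule 10 set dscp '7'
set firewall ipv4 prerouting raw rule 10 set ttl '233'
set firewall ipv4 prerouting raw rule 101 action 'notrack'
set firewall ipv4 prerouting raw rule 101 destination port '23'
set firewall ipv4 prerouting raw rule 101 protocol 'tcp'
set firewall ipv4 prerouting raw rule 101 set mark '55'
set firewall ipv6 prerouting raw rule 1 action 'drop'
set firewall ipv6 prerouting raw rule 1 destination port '23'
set firewall ipv6 prerouting raw rule 1 protocol 'tcp'
set firewall ipv6 prerouting raw rule 1 set hop-limit '79'
"""

# Shape of one CLI line:
#   set firewall <family> <hook> <priority> rule <id> <path ...> '<value>'
LINE_RE = re.compile(
    r"^set firewall (?P<family>ipv4|ipv6|bridge) (?P<hook>\S+) (?P<priority>\S+)"
    r" rule (?P<id>\d+) (?P<path>.+?) '(?P<value>[^']*)'$"
)

# Protocol-defined value ranges (assumption of this example, not VyOS's validators).
VALUE_RANGES = {"ttl": (1, 255), "hop-limit": (1, 255), "dscp": (0, 63)}


def parse_rules(config_text):
    """Group CLI lines into rules keyed by (family, hook, priority, rule id)."""
    rules = {}
    for raw in config_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # prompt lines, '[edit]', or unrelated config
        key = (m["family"], m["hook"], m["priority"], int(m["id"]))
        rule = rules.setdefault(key, {"action": None, "matches": {}, "modifications": {}})
        path, value = m["path"].split(), m["value"]
        if path == ["action"]:
            rule["action"] = value
        elif path[0] == "set":
            # 'set <field>' is a packet modification, the feature this PR adds to firewall rules
            rule["modifications"][" ".join(path[1:])] = value
        else:
            rule["matches"][" ".join(path)] = value
    return rules


def rules_with_modifications(rules):
    """Only the rules that rewrite packet headers or marks."""
    return {key: rule for key, rule in rules.items() if rule["modifications"]}


def audit(rules):
    """Return findings a reviewer would want to see about packet-modifying rules."""
    findings = []
    for (family, hook, priority, rule_id), rule in sorted(rules.items()):
        mods = rule["modifications"]
        if not mods:
            continue
        where = f"firewall {family} {hook} {priority} rule {rule_id}"
        for field, value in mods.items():
            lo, hi = VALUE_RANGES.get(field, (None, None))
            if lo is not None and not lo <= int(value) <= hi:
                findings.append(f"{where}: set {field} '{value}' is outside {lo}-{hi}")
        if not rule["matches"]:
            # A modification with no match criteria applies to every packet in that chain.
            findings.append(
                f"{where}: modifies {sorted(mods)} for every packet in the chain (no match criteria)"
            )
    return findings


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_CONFIG)
    for key, rule in sorted(rules_with_modifications(parsed).items()):
        print(key, rule["action"], rule["modifications"])
    for finding in audit(parsed):
        print("FINDING:", finding)
```

Run against the sample, the script lists all six rules as packet-modifying and raises one finding: `ipv4 prerouting raw rule 10` rewrites DSCP and TTL for every packet entering the raw chain because it has no match criteria. Feeding it the output of `show configuration commands | grep firewall` from a real system gives the same inventory for that system.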


github-actions bot commented Oct 3, 2024

👍
No issues in PR Title / Commit Title


github-actions bot commented Oct 3, 2024

CI integration 👍 passed!

Details

CI logs

  • CLI Smoketests 👍 passed
  • Config tests 👍 passed
  • RAID1 tests 👍 passed
  • TPM tests 👍 passed

@dmbaturin dmbaturin merged commit 2a46c1c into vyos:current Oct 4, 2024
16 of 17 checks passed
Labels
Development
