MODULES-11593: Add IPv6 rule saving command for Suse in utility and update specs

[span786]

Summary

Add IPv6 rule saving command for SUSE in utility and update specs.

Checklist

• 🟢 Spec tests.
• 🟢 Acceptance tests.
• Manually verified. (For example puppet apply)

[span786]

Changes related to IPv6 are specific to SUSE linux only and acceptance tests are passing for both SLES-12 & SLES-15

[span786]

Verified the change manually using puppet apply, please check the execution log below:

─❯ ssh [email protected]
The authenticity of host '136.109.79.104 (136.109.79.104)' can't be established.
ED25519 key fingerprint is: SHA256:P9GBnrNebzCUPLaAkrospRj6YqZ+bLWNQHA17/MiN80
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '136.109.79.104' (ED25519) to the list of known hosts.
** WARNING: connection is not using a post-quantum key exchange algorithm.
** This session may be vulnerable to "store now, decrypt later" attacks.
** The server may need to be upgraded. See https://openssh.com/pq.html
[email protected]'s password:
SUSE Linux Enterprise Server 12 SP5 x86_64 (64-bit)

As "root" (sudo or sudo -i) use the:
  - zypper command for package management
  - yast command for configuration management

Management and Config: https://www.suse.com/suse-in-the-cloud-basics
Documentation: https://www.suse.com/documentation/sles-12/
Forum: https://forums.suse.com/forumdisplay.php?93-SUSE-Public-Cloud

Have a lot of fun...
litmuspthdqkx7@litmus-0763dcd0036b4bdd:~> sudo su
litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # puppet agent --version
8.17.0

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # puppet module list
/etc/puppetlabs/code/environments/production/modules
├── puppetlabs-firewall (v8.2.0)
└── puppetlabs-stdlib (v9.7.0)
/etc/puppetlabs/code/modules (no modules installed)
/opt/puppetlabs/puppet/modules (no modules installed)

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # vi test_ipv6_sles.pp

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # cat test_ipv6_sles.pp
# test_ipv6_sles.pp
# Apply with: puppet apply test_ipv6_sles.pp

class { 'firewall': }

firewall { '100 test ipv6 on sles':
  ensure   => present,
  chain    => 'INPUT',
  proto    => 'tcp',
  dport    => '8080',
  source   => '2001:db8::1/128',
  jump     => 'ACCEPT',
  protocol => 'IPv6',
}

# Verify after applying
exec { 'verify-ipv6-persistence':
  command => '/bin/sh -c "grep -q \"test ipv6 on sles\" /etc/sysconfig/ip6tables && echo \"Rule persisted successfully\" || exit 1"',
  require => Firewall['100 test ipv6 on sles'],
}

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # puppet apply test_ipv6_sles.pp
Notice: Compiled catalog for litmus-0763dcd0036b4bdd.c.ia-content.internal in environment production in 0.14 seconds
Notice: /Stage[main]/Main/Firewall[100 test ipv6 on sles]/ensure: defined 'ensure' as 'present'
Notice: firewall[100 test ipv6 on sles]: Creating: Creating Rule '100 test ipv6 on sles' with {:name=>"100 test ipv6 on sles", :ensure=>"present", :protocol=>"IPv6", :chain=>"INPUT", :source=>"2001:db8::1/128", :proto=>"tcp", :dport=>"8080", :jump=>"ACCEPT", :table=>"filter"}
Notice: firewall[100 test ipv6 on sles]: Creating: Ensuring changes to '100 test ipv6 on sles' persist
Notice: firewall[100 test ipv6 on sles]: Creating: Finished in 0.049440 seconds
Notice: /Stage[main]/Main/Exec[verify-ipv6-persistence]/returns: executed successfully
Notice: Applied catalog in 0.22 seconds

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 # cat /etc/sysconfig/ip6tables
# Generated by ip6tables-save v1.4.21 on Tue Feb  3 03:31:37 2026
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 2001:db8::1/128 -p tcp -m tcp --dport 8080 -m comment --comment "100 test ipv6 on sles" -j ACCEPT
COMMIT
# Completed on Tue Feb  3 03:31:37 2026

litmus-0763dcd0036b4bdd:/home/litmuspthdqkx7 #