enhance firewalld modules and states with ipset, zone_absent, service_absent #67790

Open. remijouannet wants to merge 3 commits into base: master.

Conversation

remijouannet
Contributor

What does this PR do?

  • Add service_absent and service_present; service becomes an alias of service_present
  • Add zone_absent and zone_present; present becomes an alias of zone_present
  • Add ipset_absent and ipset_present with the necessary functions in the firewalld module
  • Add an option to some functions to skip checks in order to speed up execution
  • Add a target option to zone_present

Merge requirements satisfied?

[NOTICE] Bug fixes or features added to Salt require tests.

Commits signed with GPG?

No
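The new ipset_present / ipset_absent states in this PR follow the usual Salt pattern of reading the current state, computing the difference from the desired state, and applying only that difference (reporting it under `changes`, and touching nothing when run with `test=True`). The block below is an added illustration of that pattern and is not code from this PR or from Salt. Everything in it is an assumption for the illustration: the real states call the firewalld execution module (which shells out to firewall-cmd), whereas here `backend` is a plain in-memory dict mapping ipset name to `{"type": ..., "entries": set()}`; the `prune` parameter is modelled on the `prune_rich_rules` option of `zone_present` in the test states below and is not something the PR itself defines; and `test` is passed as an argument instead of being read from `__opts__`.

```python
# Added illustration, not code from this PR or from Salt: the idempotent
# "read current state, compute the difference, apply only the difference"
# pattern that present/absent states are built around, written against a
# constructed in-memory stand-in for firewall-cmd so it runs offline.
# Assumption: `backend` is a dict mapping ipset name -> {"type": str,
# "entries": set}; the real states go through the firewalld execution module.


def _ret(name):
    """Salt-style state return skeleton (the four keys every state returns)."""
    return {"name": name, "changes": {}, "result": True, "comment": ""}


def ipset_present(name, ipset_type, entries, backend, prune=True, test=False):
    """Ensure ipset `name` of `ipset_type` exists and contains `entries`.

    prune=True (an assumption here, modelled on zone_present's prune_rich_rules)
    removes entries that are not in the desired list, so a stale allow-list
    entry cannot survive a state run.  test=True reports what would change
    and leaves the backend untouched (result None, as Salt does in test mode).
    """
    ret = _ret(name)
    desired = set(entries)
    current = backend.get(name)

    if current is None:
        ret["changes"] = {"created": ipset_type, "added": sorted(desired)}
        new_entries = desired
    else:
        # firewalld cannot change the type of an existing ipset; refuse rather
        # than silently destroy and recreate it.
        if current["type"] != ipset_type:
            ret["result"] = False
            ret["comment"] = "ipset {} is of type {}, not {}".format(
                name, current["type"], ipset_type)
            return ret
        to_add = desired - current["entries"]
        to_del = (current["entries"] - desired) if prune else set()
        if to_add:
            ret["changes"]["added"] = sorted(to_add)
        if to_del:
            ret["changes"]["removed"] = sorted(to_del)
        new_entries = (current["entries"] | to_add) - to_del

    if not ret["changes"]:
        ret["comment"] = "ipset {} is already in the desired state".format(name)
        return ret
    if test:
        ret["result"] = None
        ret["comment"] = "ipset {} would be changed".format(name)
        return ret
    backend[name] = {"type": ipset_type, "entries": new_entries}
    ret["comment"] = "ipset {} updated".format(name)
    return ret


def ipset_absent(name, backend, test=False):
    """Ensure ipset `name` does not exist; a no-op when it is already gone."""
    ret = _ret(name)
    if name not in backend:
        ret["comment"] = "ipset {} is already absent".format(name)
        return ret
    ret["changes"] = {"removed": name}
    if test:
        ret["result"] = None
        ret["comment"] = "ipset {} would be removed".format(name)
        return ret
    del backend[name]
    ret["comment"] = "ipset {} removed".format(name)
    return ret


if __name__ == "__main__":
    # Constructed walk-through mirroring the test states in this PR:
    # create "adm", re-run (no-op), widen it, then remove it.
    fw = {}
    print(ipset_present("adm", "hash:net", ["10.0.0.0/24"], fw))
    print(ipset_present("adm", "hash:net", ["10.0.0.0/24"], fw))
    print(ipset_present("adm", "hash:net", ["10.0.0.0/24", "10.2.0.0/24"], fw))
    print(ipset_absent("adm", fw))
```

The type check is the part worth keeping in mind when reviewing a real implementation: an ipset's type cannot be changed in place, so a state that receives a different `ipset_type` for an existing set should fail loudly rather than drop and recreate the set, because recreating it briefly removes every source it allow-lists from the zone rules that reference it.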

@remijouannet
Contributor Author

States that I've used to test my changes:

```yaml
# First run: create the services, ipsets and a zone whose rich rules reference them.
firewalld:
  pkg.installed

firewalld_service:
  service.running:
    - name: firewalld
    - enable: True

service_http0:
  firewalld.service_present:
    - name: http0
    - ports:
      - 8000/tcp

service_http1:
  firewalld.service_present:
    - name: http1
    - ports:
      - 8000/tcp

# firewalld.service is now an alias of service_present
service_http2:
  firewalld.service:
    - name: http2
    - ports:
      - 8000/tcp

ipset_adm:
  firewalld.ipset_present:
    - name: adm
    - ipset_type: hash:net
    - entries:
      - 10.0.0.0/24

ipset_svc1:
  firewalld.ipset_present:
    - name: svc1
    - ipset_type: hash:net
    - entries:
      - 10.0.1.0/24

ipset_svc2:
  firewalld.ipset_present:
    - name: svc2
    - ipset_type: hash:net
    - entries:
      - 10.0.2.0/24

ipset_svc3:
  firewalld.ipset_present:
    - name: svc3
    - ipset_type: hash:net
    - entries:
      - 10.0.3.0/24

zone_svc1:
  firewalld.zone_present:
    - name: test1
    - target: DROP
    - interfaces:
      - eth0
    - prune_rich_rules: True
    - rich_rules:
      - rule protocol value="icmp" accept
      - rule service name="ssh" accept
      - rule family="ipv4" source ipset="adm" accept
      - rule family="ipv4" source ipset="svc1" accept
      - rule family="ipv4" source ipset="svc3" service name="http0" accept

# ipset_absent on a set that never existed must be a no-op
test_ipset:
  firewalld.ipset_absent:
    - name: test1
```

```yaml
# Second run: remove everything created by the first run.
firewalld:
  pkg.installed

firewalld_service:
  service.running:
    - name: firewalld
    - enable: True

zone_svc4:
  firewalld.zone_absent:
    - name: test2

zone_svc1:
  firewalld.zone_absent:
    - name: test1

service_http0:
  firewalld.service_absent:
    - name: http0

service_http1:
  firewalld.service_absent:
    - name: http1

service_http2:
  firewalld.service_absent:
    - name: http2

ipset_adm:
  firewalld.ipset_absent:
    - name: adm

ipset_svc1:
  firewalld.ipset_absent:
    - name: svc1

ipset_svc2:
  firewalld.ipset_absent:
    - name: svc2

ipset_svc3:
  firewalld.ipset_absent:
    - name: svc3

test_ipset:
  firewalld.ipset_absent:
    - name: test1
```

```yaml
# Third run: a mixed update (changed ports, extra ipset entry, one service and one
# ipset removed, zone recreated under a new name).
firewalld:
  pkg.installed

firewalld_service:
  service.running:
    - name: firewalld
    - enable: True

service_http0:
  firewalld.service_present:
    - name: http0
    - ports:
      - 8000/tcp

service_http1:
  firewalld.service_absent:
    - name: http1

service_http2:
  firewalld.service:
    - name: http2
    - ports:
      - 8001/tcp

ipset_adm:
  firewalld.ipset_present:
    - name: adm
    - ipset_type: hash:net
    - entries:
      - 10.0.0.0/24
      - 10.2.0.0/24

ipset_svc1:
  firewalld.ipset_present:
    - name: svc1
    - ipset_type: hash:net
    - entries:
      - 10.0.1.0/24

ipset_svc2:
  firewalld.ipset_absent:
    - name: svc2

ipset_svc3:
  firewalld.ipset_present:
    - name: svc3
    - ipset_type: hash:net
    - entries:
      - 10.0.3.0/24

zone_svc1:
  firewalld.zone_present:
    - name: test2
    - target: DROP
    - interfaces:
      - eth0
    - prune_rich_rules: True
    - rich_rules:
      - rule protocol value="icmp" accept
      - rule service name="ssh" accept
      - rule family="ipv4" source ipset="adm" accept
      - rule family="ipv4" source ipset="svc1" accept
      - rule family="ipv4" source ipset="svc3" service name="http0" accept
```
