Optimize network forwards

[markylaing]

Reuses the logic from #9633 to optimise firewall rule generation when applying network forwards.

Additionally adds some revert logic to the NetworkApplyForwards method in xtables to clean up any forwarding rules that may be partially applied (this is not required for nftables as the rules are collated and applied together in a template).

Closes #11911

[markylaing]

@tomponline FYI this is passing the network_forward test suite but I haven't run the full suite, nor have I run the corresponding tests from https://github.com/lxc/lxc-ci/blob/master/bin/test-lxd-network-bridge-firewall

[tomponline]

@tomponline FYI this is passing the network_forward test suite but I haven't run the full suite, nor have I run the corresponding tests from https://github.com/lxc/lxc-ci/blob/master/bin/test-lxd-network-bridge-firewall

Please can you run the ones from https://github.com/lxc/lxc-ci/blob/master/bin/test-lxd-network-bridge-firewall with it.

[tomponline]

LGTM thanks!

Just waiting on confirmation that the daily tests run with this.

[markylaing]

@tomponline This is passing the LXD network bridge firewall daily test (after much effort).

The actual test script I am running is https://github.com/markylaing/lxc-ci/blob/fad37d48ab1254dcbf06e1a53c7cd252fdbef0aa/bin/test-lxd-network-bridge-firewall. I've made a few changes to account for side loading the LXD binary. Additionally, the test was run in an images:ubuntu/22.04 VM because there was an issue with ebtables in the official ubuntu:jammy image.

You can view the changes here lxc/lxc-ci@master...markylaing:lxc-ci:local-firewall-test

[tomponline]

Thanks!