Add new iptables plugin

[ghost]

Required for all PRs:

• CHANGELOG.md updated
• Sign CLA (if not already signed)
• README.md updated (if adding a new plugin)

The iptables plugin aims at monitoring bytes and packet counters
matching a given set of iptables rules.

Typically the user would set a dedicated monitoring chain into a given
iptables table, and add the rules to monitor to this chain. The plugin
will allow to focus on the counters for this particular table/chain.

[ghost]

Hello,
Where should I put the changelog info, everything looks ready for 1.0 release ... Should I put it there too ?
Cheers.

[phemmer]

I don't think using the line number as an identifier tag is a good idea. From the perspective of someone looking at the data in influxdb (or wherever the telegraf data is going), ruleid=4 is going to mean next to nothing. Also, if another iptables rule is inserted, then line 4 becomes line 5, and tracking the metrics over time gets screwed up. It also may not be consistent between hosts (one host's rule 4 may not be the same as another host's rule 4).

[ghost]

I agree. I am using comments exclusively myself to identify the rules. I considered using the rule number as a fallback for rules that do not have a comment. For the sake of clarify I suggest to ignore rules that do not have a comment. What do you think ? Any other suggestion to distinguish a rule from another ?

[sparrc]

@ririsoft is it common not to have a comment? I'm fine with ignoring uncommented lines as long as it's not too huge of a burden on users, though it will need to be documented

[ghost]

@sparrc: I have no idea if it is common or not. I can add an option to let the user ignore rules without comment or not as he prefer. If rules without comment are to be included then the ruleid will be the rule number. What do you think ?

[sparrc]

I'm not sure the "rule id" should ever be used, that seems like it can only lead to confusion among users, and can also lead to bad data when rules are added/deleted. If there is no way to uniquely identify it then I think it's best to skip it.

[ghost]

I am preparing a new version of the plugin that will:

• Discard rules without a comment
• Update the documentation with information for using systemd capabilities to run the plugin without the need for root or sudo. It will let the possibility to run iptables through sudo though, for users who do not want to give too much capabilities to telegraf.

It will be available next week.

[sparrc]

sounds great, thank you @ririsoft

[ghost]

Pull request is now completed. The failing CI does not sound related to this development.
Do not hesitate to ask for a rebase and/or squash and if you would like an update in the changelog too.
Cheers.

[sparrc]

OK, thanks @ririsoft, can you:

1. rebase your changes
2. update the CHANGELOG (under release 1.1)
3. add your plugin to the list of available plugins on the main repo README?

[ghost]

Sorry I messed up with the CHANGELOG.md but it should be ok now: I rebased and squashed all the porcelain. Thank you very much for your kind help on this PR.