fwtool: initial ipv6 support and puppet integration

Not the prettiest, but it works.

Just duplicates the firewall between ipv4 and ipv6, making sure to
filter out any hostnames that aren't resolvable in each domain.

ProxiedServer doesn't work over IPv6 yet due to nodes not having that
information, will need to be fixed for proxied web services to work.

domtool-publish has a new action, firewallpuppet, that will reload the
firewall for our new setup (and fall back to just reloading ferm on
the current one). Further work is required for puppet; we are purging
unmanaged chains and will need to move all rules into a single chain
instead of jumping to a different chain per user.