puppet-firewalld
firewalld_zone: Fix failure creating new zone
Pull Request (PR) description
Possibly due to a change in recent firewalld versions (I'm on 2.1.1), creating a new zone fails with:
Debug: Firewalld_zone[test3](provider=firewall_cmd): Creating new zone test3 with target: ''
Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
Debug: Executing: '/usr/sbin/firewall-cmd --state'
Debug: Executing: '/usr/sbin/firewall-offline-cmd --new-zone test3'
Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
Debug: Executing: '/usr/sbin/firewall-cmd --state'
Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --list-interfaces'
Debug: Firewalld_zone[test3](provider=firewall_cmd): removing icmp block inversion for zone test3
Debug: Puppet::Type::Firewalld_zone::ProviderFirewall_cmd: Executing --state command - current value
Debug: Executing: '/usr/sbin/firewall-cmd --state'
Debug: Executing: '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion'
Error: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12:
Error: /Stage[main]/Main/Firewalld_zone[test3]/ensure: change from 'absent' to 'present' failed: Execution of '/usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion' returned 12:
which seems to be because ICMP block inversion is unset by default:
> /usr/sbin/firewall-offline-cmd --zone test3 --remove-icmp-block-inversion
NOT_ENABLED: icmp-block-inversion
> echo $?
12
Only manage icmp_block_inversion property on new zones if set to true.
This Pull Request (PR) fixes the following issues
None. This is a report and fix all in one. Feel free to suggest changes.
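A model of the failure and of the guard described above, as an added Ruby example that is not the module's provider code. `FakeFirewallCmd`, `create_zone` and the `guard:` flag are hypothetical; the fake only imitates the exit status 12 (NOT_ENABLED) shown in the output above.

```ruby
# Added illustration; all names here are hypothetical, not puppet-firewalld's code.

# Stand-in for firewall-offline-cmd. It tracks icmp-block-inversion per zone and
# returns 12 (NOT_ENABLED) when asked to remove a setting that is not set.
class FakeFirewallCmd
  NOT_ENABLED = 12
  attr_reader :calls

  def initialize
    @inverted = {} # zone name => true/false; unset on a fresh zone
    @calls = []
  end

  def run(*args)
    @calls << args.join(' ')
    zone = args[1]
    case args.last
    when '--add-icmp-block-inversion'
      @inverted[zone] = true
    when '--remove-icmp-block-inversion'
      return NOT_ENABLED unless @inverted[zone]
      @inverted[zone] = false
    end
    0 # --new-zone and successful changes
  end
end

class ExecutionFailure < StandardError; end

# guard: false models the behaviour in the debug log (always push the property
# to a new zone); guard: true models "only manage it on new zones if true".
def create_zone(cmd, name, icmp_block_inversion, guard:)
  steps = [['--new-zone', name]]
  if icmp_block_inversion == true
    steps << ['--zone', name, '--add-icmp-block-inversion']
  elsif !guard
    steps << ['--zone', name, '--remove-icmp-block-inversion']
  end
  steps.each do |args|
    status = cmd.run(*args)
    raise ExecutionFailure, "#{args.join(' ')} returned #{status}" unless status.zero?
  end
  :present
end
```

In the unguarded path the `--new-zone` call has already succeeded when the remove fails, so the zone exists on disk even though the resource reports a failed change.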