Minimally support shorewall firewall

Filip Polbratt requested to merge Support-shorewall into master

Our clusters that are managed with Bright Cluster Manager require Shorewall for regular functioning; other firewall configuration tools should be disabled. Thus, we should configure fail2ban to use shorewall for blocking.

The fail2ban module will default to using the iptables backend, but if the svclist parameter of the config class is set to 'shorewall.service' the shorewall backend will be used instead.

Shorewall is recommended to be configured for blocktype 'blacklist!' in fail2ban and with 'DYNAMIC_BLACKLIST="ipset,disconnect,noupdate"' in shorewall.conf. Neither is set here.

The package fail2ban-shorewall is required in addition to fail2ban-server and fail2ban-sendmail. It should be provided to the f2b_packages parameter in the config class.
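
Because the description states that neither recommended setting is applied by this change, a host check for both is useful. The script below is an added example, not part of the merge request or the module: the function names are hypothetical, the sample files are constructed, and it assumes the fail2ban override is a file with a `blocktype` key (for example an `action.d/shorewall.local`).

```shell
#!/bin/sh
# Added example: audit the two settings the description recommends but leaves unset.

# Print the last uncommented value of KEY in FILE, with any trailing comment,
# trailing whitespace and surrounding double quotes stripped.
conf_value() {  # usage: conf_value KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" \
        | tail -n 1 \
        | sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Return 0 only if both files carry the recommended values.
check_shorewall_f2b() {  # usage: check_shorewall_f2b SHOREWALL_CONF F2B_OVERRIDE
    rc=0
    dyn=$(conf_value DYNAMIC_BLACKLIST "$1")
    bt=$(conf_value blocktype "$2")
    if [ "$dyn" != "ipset,disconnect,noupdate" ]; then
        echo "shorewall: DYNAMIC_BLACKLIST is '${dyn:-unset}'," \
             "recommended 'ipset,disconnect,noupdate'"
        rc=1
    fi
    if [ "$bt" != "blacklist!" ]; then
        echo "fail2ban: blocktype is '${bt:-unset}', recommended 'blacklist!'"
        rc=1
    fi
    return $rc
}

# Constructed sample files: shorewall.conf is as recommended, the fail2ban
# override still carries a different blocktype and should be reported.
tmp=$(mktemp -d)
printf '%s\n' '#DYNAMIC_BLACKLIST=Yes' \
    'DYNAMIC_BLACKLIST="ipset,disconnect,noupdate"' > "$tmp/shorewall.conf"
printf '%s\n' '[Init]' 'blocktype = reject' > "$tmp/shorewall.local"

if check_shorewall_f2b "$tmp/shorewall.conf" "$tmp/shorewall.local"; then
    echo "both settings match the recommendation"
else
    echo "at least one setting differs from the recommendation"
fi
```

On a real host, pass the paths of the deployed `shorewall.conf` and the fail2ban override file to `check_shorewall_f2b` instead of the sample files.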
