iptables: Add support for gateway parameter (#53465)

When user specifies the JUMP value to 'tee', gateway is required.
This fix adds new parameter 'gateway' to support this functionality.

Fixes: #53170

Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com>

lib/ansible/modules/system/iptables.py

@@ -145,6 +145,12 @@ options:
         is not used), then matching the rule will have no effect on the
         packet's fate, but the counters on the rule will be incremented.
     type: str
+  gateway:
+    description:
+      - This specifies the IP address of host to send the cloned packets.
+      - This option is only valid when C(jump) is set to C(TEE).
+    type: str
+    version_added: "2.8"
   log_prefix:
     description:
       - Specifies a log text for the rule. Only make sense with a LOG jump.
@@ -473,6 +479,8 @@ def construct_rule(params):
     append_param(rule, params['match'], '-m', True)
     append_tcp_flags(rule, params['tcp_flags'], '--tcp-flags')
     append_param(rule, params['jump'], '-j', False)
+    if params.get('jump') and params['jump'].lower() == 'tee':
+        append_param(rule, params['gateway'], '--gateway', False)
     append_param(rule, params['log_prefix'], '--log-prefix', False)
     append_param(rule, params['to_destination'], '--to-destination', False)
     append_param(rule, params['to_source'], '--to-source', False)
@@ -592,6 +600,7 @@ def main():
                                 flags_set=dict(type='list'))
                            ),
             jump=dict(type='str'),
+            gateway=dict(type='str'),
             log_prefix=dict(type='str'),
             goto=dict(type='str'),
             in_interface=dict(type='str'),
@@ -618,6 +627,10 @@ def main():
             ['set_dscp_mark', 'set_dscp_mark_class'],
             ['flush', 'policy'],
         ),
+        required_if=[
+            ['jump', 'TEE', ['gateway']],
+            ['jump', 'tee', ['gateway']],
+        ]
     )
     args = dict(
         changed=False,