[SmartSwitch] Added inbound traffic capability for DPU management traffic script

[gpunathilell]

Why I did it

To add capability to control the inbound traffic for DPUs, Using the script we can now enable:

• Outbound: Allow Traffic from DPU to reach the internet
• Inbound: Allow SSH connection to reach the DPU from a specific port on the switch

Command examples:
sonic-dpu-mgmt-traffic.sh outbound -e This enables traffic to reach the internet from the DPU

sonic-dpu-mgmt-traffic.sh outbound -d This disables traffic to reach the internet from the DPU

sonic-dpu-mgmt-traffic.sh inbound -e --dpus dpu1 --ports 9090 This enables SSH traffic to the dpu1 from the internet
We can connect to the DPU using ssh admin@<switch name/ip> -p 9090

sonic-dpu-mgmt-traffic.sh inbound -e --dpus dpu1,dpu2 --ports 9090,5005 This enables SSH traffic to the dpu1 and dpu2 from the internet
We can connect to dpu2 using ssh admin@<switch name/ip> -p 5005

sonic-dpu-mgmt-traffic.sh inbound -e --dpus all --ports 9090,8090,8091,5032 This enables SSH traffic to all the dpus from the internet using the ports specified (in sorted order the DPUs will use the ports in the order the user specifies)
We can connect to the DPU using ssh admin@<switch name/ip> -p 5032 to connect to the 4th dpu (in sorted order)

sonic-dpu-mgmt-traffic.sh inbound -d --dpus dpu1 --ports 9090 This disables SSH traffic to the dpu1 from the internet
The same rule which was used for enable has to be used (by replacing -e with -d)

--nofwctrl Option - If both inbound and outbound rules are enabled, if we try to disable only one of them the ipv4 enabled forwarding for eth0 interface would be disabled so this option can be used in that specific case where we only need to disable either outbound or inbound traffic without affecting the other.

This feature is enabled using the ip table rules, so if the rules are flushed the connection will be terminated

Work item tracking

• Microsoft ADO (number only):

How I did it

How to verify it

Which release branch to backport (provide reason below if selected)

• 201811
• 201911
• 202006
• 202012
• 202106
• 202111
• 202205
• 202211
• 202305

Tested branch (Please provide the tested image version)

Description for the changelog

Link to config_db schema for YANG module changes

A picture of a cute animal (not mandatory but encouraged)

[gpunathilell]

/azpw run Azure.sonic-buildimage

[mssonicbld]

/AzurePipelines run Azure.sonic-buildimage

[kperumalbfn]

LGTM

[kperumalbfn]

/azpw ms_conflict -f

[kperumalbfn]

@StormLiangMS Could you check ms_conflict failure?

[oleksandrivantsiv]

/azpw ms_conflict

[oleksandrivantsiv]

@kperumalbfn can you please merge this PR?