Describe the Bug

When applying on a server without any iptables rule the following puppet code with the resource firewallchain declared without any rule:

firewallchain { "FORWARD:mangle:IPv4":
    ensure => present,
    purge  => true,
}

The following output is always emitted:

Notice: /Stage[main]/Base::Firewall/Firewallchain[FORWARD:mangle:IPv4]/ensure: defined 'ensure' as 'present'
Notice: firewallchain[FORWARD:mangle:IPv4]: Updating: Finished in 0.000061 seconds

Expected Behavior

I would expect no output to be emitted.

Environment

• Firewall 8.0.1
• Ubuntu 24.04

Additional Context

I believe that the issue comes from the fact that iptables-save doesn't show empty tables. The code is therefore not able to distinguish an existing empty table from a non-existing one. Specifying the table with the -t option (e.g. iptables-save -t <table> does display the empty table).