util/linuxfw, feature/buildfeatures: add ts_omit_iptables to make IPTables optional

Updates #12614

Change-Id: Ic0eba982aa8468a55c63e1b763345f032a55b4e2
Signed-off-by: Brad Fitzpatrick <bradfitz@tailscale.com>

feature/buildfeatures/feature_iptables_disabled.go

@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build ts_omit_iptables
+
+package buildfeatures
+
+// HasIPTables is whether the binary was built with support for modular feature "Linux iptables support".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_iptables" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasIPTables = false

feature/buildfeatures/feature_iptables_enabled.go

@@ -0,0 +1,13 @@
+// Copyright (c) Tailscale Inc & AUTHORS
+// SPDX-License-Identifier: BSD-3-Clause
+
+// Code generated by gen.go; DO NOT EDIT.
+
+//go:build !ts_omit_iptables
+
+package buildfeatures
+
+// HasIPTables is whether the binary was built with support for modular feature "Linux iptables support".
+// Specifically, it's whether the binary was NOT built with the "ts_omit_iptables" build tag.
+// It's a const so it can be used for dead code elimination.
+const HasIPTables = true

feature/featuretags/featuretags.go

@@ -112,6 +112,7 @@ var Features = map[FeatureTag]FeatureMeta{
 		Desc: "Generic Receive Offload support (performance)",
 		Deps: []FeatureTag{"netstack"},
 	},
+	"iptables":      {"IPTables", "Linux iptables support", nil},
 	"kube":          {"Kube", "Kubernetes integration", nil},
 	"linuxdnsfight": {"LinuxDNSFight", "Linux support for detecting DNS fights (inotify watching of /etc/resolv.conf)", nil},
 	"oauthkey":      {"OAuthKey", "OAuth secret-to-authkey resolution support", nil},