Comment 6 for bug 1566968

Reviewed: https://review.openstack.org/302164
Committed: https://git.openstack.org/cgit/openstack/fuel-virtualbox/commit/?id=80e86854be082ccc81099235ff6e5f16606e80e1
Submitter: Jenkins
Branch: master

commit 80e86854be082ccc81099235ff6e5f16606e80e1
Author: Igor Kalnitsky <email address hidden>
Date: Tue Apr 5 18:43:02 2016 +0300

    Fix public network routing from slaves

    Since we assign public gateway address on master node, all public
    traffic goes through it. Unfortunately, it doesn't reach destination due
    to rejecting rule in FORWARD chain:

        ACCEPT all -- 10.20.0.0/24 anywhere
        ACCEPT all -- anywhere anywhere
        REJECT all -- anywhere anywhere
        ext-filter-forward all -- anywhere anywhere

    The commit fixes that problem by inserting (-I), not appending (-A)
    ext-filter-forward entry. In that case that rule will have higher
    priority and won't break routing.

        ACCEPT all -- 10.20.0.0/24 anywhere
        ACCEPT all -- anywhere anywhere
        ext-filter-forward all -- anywhere anywhere
        REJECT all -- anywhere anywhere

    Change-Id: I7887f08a175fa0ce06654dc1fc18ab412cb296f5
    Closes-Bug: #1566968