Comment 9 for bug 1515799

Vadim Rovachev (vrovachev) wrote :

Verified on 7.0 Ubuntu with installed mirror packages:
http://perestroika-repo-tst.infra.mirantis.net/review/CR-14561/mos-repos/ubuntu/7.0/dists/mos7.0-proposed/

Before applying the patch we have the following rules:
...
-A neutron-openvswi-iac16f023-b -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP
-A neutron-openvswi-iac16f023-b -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN
...

After applying the patch we have the following rules:
...
-A neutron-openvswi-o9ceef79b-3 -m state --state RELATED,ESTABLISHED -m comment --comment "Direct packets associated with a known session to the RETURN chain." -j RETURN
-A neutron-openvswi-o9ceef79b-3 -j RETURN
-A neutron-openvswi-o9ceef79b-3 -m state --state INVALID -m comment --comment "Drop packets that appear related to an existing connection (e.g. TCP ACK/FIN) but do not have an entry in conntrack." -j DROP
...