Add comments to iptables rules to help debugging

 20
   SNAT_OUT = 'Perform source NAT on outgoing traffic.' 21
   UNMATCH_DROP = 'Default drop rule for unmatched traffic.' 22
   VM_INT_SG = 'Direct traffic from the VM interface to the security group chain.' 23
   SG_TO_VM_SG = 'Jump to the VM specific chain.' 24
   INPUT_TO_SG = 'Direct incoming traffic from VM to the security group chain.' 25
   PAIR_ALLOW = 'Allow traffic from defined IP/MAC pairs.' 26
   PAIR_DROP = 'Drop traffic without an IP/MAC allow rule.' 27
   DHCP_CLIENT = 'Allow DHCP client traffic.' 28
   DHCP_SPOOF = 'Prevent DHCP Spoofing by VM.' 29
   UNMATCHED = 'Send unmatched traffic to the fallback chain.' 30
   STATELESS_DROP = 'Drop packets that are not associated with a state.' 31
   ALLOW_ASSOC = ('Direct packets associated with a known session to the RETURN ' 32
   'chain.') 33
   IPV6_RA_ALLOW = 'Allow IPv6 ICMP traffic to allow RA packets.'

this is a great improvement. We should make sure it is documented, and our debbugging section in the ops guide matches with this language.

Reviewed: https://review.openstack.org/158161
Committed: https://git.openstack.org/cgit/openstack/operations-guide/commit/?id=c53ea8d99c97da2b58a6b80bc7ccdfbad6c0263f
Submitter: Jenkins
Branch: master

commit c53ea8d99c97da2b58a6b80bc7ccdfbad6c0263f
Author: John Joyce <email address hidden>
Date: Sun Feb 22 20:57:52 2015 -0500

    Added some debug information to the iptables section

    Some additonal debug information added to the iptables section
    added a couple of neutron references. This documentation was
    triggered by. Bug: #1265493, but still applicable to KILO

    Change-Id: I2b895cff77ad04fc5e8121a5245b56580f4d01fb
    Closes-Bug: #1378562