Comment 4 for bug 1784957

Moving the importance of this issue to Medium as this is seen only on 1 testbed, where an IPTables policy to deny all except the ones in the rules in the forward tables.

For OnPrem, multicloud provisioning does not set any rule, since this is a complete customer equipment and the customer would be responsible for this. As a preventative fix, we will detect the deny policy and stop the play and recommend that the IPTables be fixed.

We do not want to change IPTables on onprem CPE as I personally have seen customers not like that approach at all. Hence we will follow the standard of what ansible does, detect an issue, abort, suggest the corrective action