Comment 1 for bug 1735724

A possible solution would be moving the iptables rules installation for metadata right after the namespace gets created or right before we plug the ports to br-int instead of doing it in the AFTER_CREATE router notification handler.