Comment 6 for bug 1765700

Harald Jensås (harald-jensas) wrote :

Undercloud is persisting iptables rules in two places.

- First in puppet class tripleo::firewall
- Then in /usr/libexec/os-refresh-config/post-configure.d/80-seedstack-masquerade

In tripleo::firewall there is code to ensure neutron firewall rules are not persisted.
But ... the neutron rules are then persisted when 80-seedstack-masquerade is executed, making tripleo::firewall's attempts to filter these useless on the undercloud.

Since the Ironic Inspector rules are ephemeral as well, it would make sense to filter these as well.

a) Implement filtering of ironic-inspector pxe_filter rules in tripleo::firewall:
   Patch: https://review.openstack.org/563461
b) Implement similar filtering in ``80-seedstack-masquerade`` to make sure neutron and ironic-inspector pxe_filter iptables rules are not persisted.
   Patch: https://review.openstack.org/563467
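
Added example, not part of the original comment and not the code from either patch: a sketch of filtering ephemeral chains out of `iptables-save` output before it is persisted. The chain-name prefixes (`neutron-`, `ironic-inspector`), the function names and the sample ruleset are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed chain-name prefixes for rules the services recreate at runtime.
EPHEMERAL_CHAINS='neutron-|ironic-inspector'

# Read iptables-save output on stdin and write it to stdout without:
#   - declarations of ephemeral chains (":chain - [0:0]")
#   - rules appended to an ephemeral chain ("-A chain ...")
#   - rules in other chains that jump or goto an ephemeral chain
# Matching on chain position avoids dropping unrelated rules whose
# comment text merely mentions one of the names.
filter_ephemeral_rules() {
    awk -v pat="^(${EPHEMERAL_CHAINS})" '
        /^:/ { if (substr($1, 2) ~ pat) next }
        /^-A / {
            if ($2 ~ pat) next
            for (i = 3; i < NF; i++)
                if (($i == "-j" || $i == "-g") && $(i + 1) ~ pat) next
        }
        { print }
    '
}

# Constructed sample of iptables-save output (not captured from a real host).
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:ironic-inspector - [0:0]
:neutron-openvswi-INPUT - [0:0]
-A INPUT -j neutron-openvswi-INPUT
-A INPUT -i br-ctlplane -p udp -m udp --dport 67 -j ironic-inspector
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "003 accept ssh" -j ACCEPT
-A ironic-inspector -j ACCEPT
-A neutron-openvswi-INPUT -j DROP
COMMIT
EOF
}

# Show what would be persisted: only the static chains and the ssh rule remain.
sample_rules | filter_ephemeral_rules
```

The same filter has to run at every place that saves rules; a single unfiltered save persists stale jump targets again, which is the failure described above.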