Code review comment for lp:~xtoddx/nova/provider-fw-rules

> Good question. I never completely understood what the "local" chain was for. It was there before I added the IptablesManager thing. Perhaps Vishy can shed some light on this?

Dim memory here, but I think the split of top and local was so that we could add rules to the "beginning" without interfering with predefined rules outside of nova and make sure they all got hit before the instance specific rules.