I've skirted the top vs. local chain discussion by leaving the rules as they are now to just apply to instance ingress. I'll follow bug #796018 to make output work (so I don't keep holding this merge up). Moving to WIP to change to using netaddr and look at testing again.