forked from #215.

openshift-sdn/plugins/osdn/common.go unconditionally inserts the following rule into the INPUT chain.

-A INPUT -i tun0 -m comment --comment "traffic from docker for internet" -j ACCEPT

When e.g. using IPSEC between hosts, it's nice to allow vxlan traffic only when using a tunnel. I propose that openshift-sdn takes an option to specify the chain to insert this rule into.