Add lxc_net_manage_iptables variable

Added lxc_net_manage_iptables variable. Setting this variable avoids
duplcaiting the existing rules.

Change-Id: I76800d23929bd2a6f656a20095b7d2352a4757fa

defaults/main.yml

@@ -61,6 +61,9 @@ lxc_net_gateway: null  ## if null, no gateway will be on the LXC bridge. lxc_net
 # lxc container nat enabled
 lxc_net_nat: true  ## If "true", nat rules will be created with the lxc network.
 
+# Enable iptables for lxc network
+lxc_net_manage_iptables: true  ## If "true" iptables rules will be added when the bridge is up and deleted when bridge is down
+
 # lxc container dhcp settings
 lxc_net_dhcp_range: 10.0.3.2,10.0.3.253
 lxc_net_dhcp_max: 253

releasenotes/notes/lxc_net_manage_iptables-95e52387dcef0015.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - The variable ``lxc_net_manage_iptables`` has been added. This variable
+    can be overridden by deployers if system wide iptables rules are already
+    in place or managed by deployers chioce.

templates/lxc-net-bridge.cfg.j2

@@ -12,9 +12,13 @@ iface {{ lxc_net_bridge }} inet static
 {% endif %}
 {% if lxc_net_nat | bool %}
     # dnsmasq start and stop
+{% if lxc_net_manage_iptables | bool %}
     post-up /usr/local/bin/lxc-system-manage iptables-create
+{% endif %}
     post-up /usr/local/bin/lxc-system-manage dnsmasq-start || true
+{% if lxc_net_manage_iptables | bool %}
     post-down /usr/local/bin/lxc-system-manage iptables-remove
+{% endif %}
     post-down /usr/local/bin/lxc-system-manage dnsmasq-stop
 {% endif %}
     bridge_fd 0