Move refresh to be triggered by allocation and deallocation of IP's rather than creation/destruction of instances.
There really needs a way to use ipsets for this, but it's not widely supported yet (went into mainline linux at 2.6.39), so this implementation just uses regular iptables.
ed79192a33