avoid adding kube-router specific rules to enforce network policies in built-in chain used in fitler table

[murali-reddy]

This is the original design (#185) I had in my mind for network policies implementation. Should have been fixed much earlier.

• adds one level of indirection. No logic change in sync of pod, network policy chains and cleanup of state chains, ipsets etc
  INPUT -> KUBE-ROUTER-INPUT
  FORWARD -> KUBE-ROUTER-FORWARD
  OUTPUT -> KUBE-ROUTER-OUTPUT

• easy to troubleshoot with namesake custom chains

// Creates custom chains KUBE-ROUTER-INPUT, KUBE-ROUTER-FORWARD, KUBE-ROUTER-OUTPUT
// and following rules in the filter table to jump from builtin chain to custom chain
// -A INPUT   -m comment --comment "kube-router netpol" -j KUBE-ROUTER-INPUT
// -A FORWARD -m comment --comment "kube-router netpol" -j KUBE-ROUTER-FORWARD
// -A OUTPUT  -m comment --comment "kube-router netpol" -j KUBE-ROUTER-OUTPUT

Fixes #185

Note: this is a breaking change. Users need to flush the filter table so old rules in INPUT, FORWARD, OUTPUT chains are cleared.

[murali-reddy]

I would like to merge this PR over the week end and cut a 1.0 RC candidate. This is a desirable change for 1.0 release. If any one has concerns please raise. Also note

Note: this is a breaking change. Users need to flush the filter table so old rules in INPUT, FORWARD, OUTPUT chains are cleared.

[aauren]

I know this review is coming late, but this LGTM.

[murali-reddy]

I know this review is coming late, but this LGTM.

Neverthless thanks. Good to have extra pair of eyes review.