Add an iptables rule to drop packets that conntrack considers invalid.

[mccv1r0]

Add an iptables rule to drop packets that conntrack considers invalid.

One rule for the life of CNI vs one for ipMasq, portmap etc.

This is an alternative to adding an unique container IP specific rules every cniADD for ipMasq, portmap and then removing when cniDel is called.

Fixes plugins 816

Signed-off-by: Michael Cambria [email protected]