Summary: security_group.py: catch exception when flushing chain

Detail: Added exception handling around iptables chain flushing, along
with a call to default_network_rules() to re-initialize.

Testing:
On agent, ls /var/run/cloud and pick one of the VMs to test with. Make a
backup of it's logfile (eg cp /var/run/cloud/i-2-1722.log /tmp )
Destroy the firewall ruleset for that VM with
/usr/lib64/cloud/common/scripts/vm/network/security_group.py destroy_network_rules_for_vm --vmname i-2-1722-VM --vif vnet10
Now copy the log file back, edit the file and decrement the last field by 1
ACS should notice the out-of-date sequence ID and push a new ruleset for
the VM within 60 seconds.

BUG-ID: CLOUDSTACK-1685
Bugfix-for: John Kinsella
Reviewed-by:
Reported-by:
Signed-off-by: John Kinsella <jlk@stratosec.co> 1363286927 -0700

scripts/vm/network/security_group.py

@@ -622,10 +622,14 @@ def add_network_rules(vm_name, vm_id, vm_ip, signature, seqno, vmMac, rules, vif
         lines = rules.split(';')[:-1]
 
     logging.debug("    programming network rules for  IP: " + vm_ip + " vmname=" + vm_name)
-    vmchain = vm_name
-    execute("iptables -F " + vmchain)
-    egress_vmchain = egress_chain_name(vm_name)
-    execute("iptables -F " + egress_vmchain)
+    try:
+      vmchain = vm_name
+      execute("iptables -F " + vmchain)
+      egress_vmchain = egress_chain_name(vm_name)
+      execute("iptables -F " + egress_vmchain)
+    except: 
+      logging.debug("Error flushing iptables rules for " + vmchain + ".  Presuming firewall rules deleted, re-initializing." )
+      default_network_rules(vm_name, vm_id, vm_ip, vmMac, vif, brname)
     egressrule = 0
     for line in lines: