Systems running large substacks, such as Kubernetes, need to directly manipulate large parts of the iptables rule sets.
Additionally, restarting the entirety of iptables may take upwards of a minute for large rulesets.
To this end, we need to come up with a 'less strict' setting for the iptables module that will do the following:
- Ignore all rules that are not explicitly managed by SIMP (SIMP-managed rules are the ones that have 'SIMP:' comments).
- Purge all SIMP rules and re-add them at the bottom of the affected chains, being careful to apply all rules possible in an atomic fashion so users don't get locked out of their systems accidentally.
This should allow for 'near instant' application of the SIMP-managed rulesets while leaving room for the container management tools to run wild.
This has been accomplished through the integration with firewalld.
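
The purge-and-re-add behaviour requested above, as an added example (not SIMP's code, and not the firewalld integration that resolved this). It assumes the result is fed to `iptables-restore --noflush`, which commits each table in one step; `simp_restore_payload`, `SAVED` and `MANAGED` are hypothetical names.

```ruby
# Added example, not SIMP module code. Output is meant for `iptables-restore --noflush`.
SIMP_TAG = /--comment\s+"?SIMP:/

# saved:   text of `iptables-save` output
# managed: { table => { chain => [rule spec, ...] } } (hypothetical desired-state shape)
def simp_restore_payload(saved, managed)
  out, table, deletes = [], nil, []
  saved.each_line(chomp: true) do |line|
    case line
    when /\A\*(\S+)/
      table = Regexp.last_match(1)
      deletes = []
    when /\A-A (\S+) (.*)\z/
      chain, spec = Regexp.last_match(1), Regexp.last_match(2)
      # Only rules tagged with a SIMP: comment are purged; everything else is ignored
      deletes << "-D #{chain} #{spec}" if spec =~ SIMP_TAG
    when 'COMMIT'
      # Managed rules are re-added with -A, so they land at the bottom of each chain
      appends = (managed[table] || {}).flat_map do |chain, specs|
        specs.map { |s| "-A #{chain} #{s}" }
      end
      unless deletes.empty? && appends.empty? # leave untouched tables out entirely
        out << "*#{table}"
        out.concat(deletes).concat(appends)
        out << 'COMMIT' # delete + re-add become visible together, avoiding a lockout window
      end
    end
  end
  out.join("\n") + "\n"
end

# Constructed sample of `iptables-save` output: one SIMP rule plus container-managed rules
SAVED = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :KUBE-SERVICES - [0:0]
  -A INPUT -p tcp -m tcp --dport 22 -m comment --comment "SIMP: ssh" -j ACCEPT
  -A INPUT -j KUBE-SERVICES
  -A KUBE-SERVICES -p tcp -m comment --comment "default/web" -m tcp --dport 80 -j ACCEPT
  COMMIT
RULES

MANAGED = { 'filter' => { 'INPUT' => [
  '-p tcp -m tcp --dport 22 -m comment --comment "SIMP: ssh" -j ACCEPT',
  '-p tcp -m tcp --dport 443 -m comment --comment "SIMP: https" -j ACCEPT'
] } }.freeze
puts simp_restore_payload(SAVED, MANAGED) if $PROGRAM_NAME == __FILE__
```

Because the payload never mentions the `KUBE-SERVICES` rules, a `--noflush` restore leaves them in place; chains named in `MANAGED` are assumed to exist already.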