New strategy for handling source security groups.
The code now uses a source security group and a destination security group and one iptables rule that matches both for each such case. To get atomic updates all ipsets are recreated for each run with a generation number encoded in the name. Old ipsets are removed onces the iptables rules are updated
Showing with 75 additions and 15 deletions