VR: Do not add iptables rules for the revoked ip addresses (apache#6189)

(cherry picked from commit c61ea9f)
Signed-off-by: Rohit Yadav <[email protected]>

Author: weizhouapache

systemvm/debian/opt/cloud/bin/cs/CsAddress.py

@@ -498,7 +498,7 @@ def fw_vpcrouter(self):
                     if not inf.startswith("eth"):
                         continue
                     for address in addresses:
-                        if "nw_type" in address and address["nw_type"] == "guest":
+                        if "nw_type" in address and address["nw_type"] == "guest" and address["add"]:
                             self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %
                                             (address["network"], self.address["network"], self.dev)])
                             self.fw.append(["filter", "front", "-A FORWARD -s %s -d %s -j ACL_INBOUND_%s" %