iptables: Stop logging on dropped packets.

We never examine these logs, and it fills dmesg.  We have flow logging at the AWS stack layer.

puppet/zulip_ops/files/iptables/header.v4

@@ -1,11 +1,6 @@
 # This file was auto-generated by Puppet.  Do not edit by hand.
 *filter
 
-# Set up logging for dropped packets
--N LOGDROP
--A LOGDROP -m limit --limit 15/min -j LOG --log-prefix "iptables dropped: " --log-level 7
--A LOGDROP -j DROP
-
 # Allow all outbound traffic
 -A OUTPUT -j ACCEPT
 
@@ -13,7 +8,7 @@
 -A INPUT -i lo -j ACCEPT
 
 # Drop all traffic to loopback IPs on other interfaces
--A INPUT ! -i lo -d 127.0.0.0/8 -j LOGDROP
+-A INPUT ! -i lo -d 127.0.0.0/8 -j DROP
 
 # Accept incoming traffic related to established connections
 -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

puppet/zulip_ops/files/iptables/header.v6

@@ -1,11 +1,6 @@
 # This file was auto-generated by Puppet.  Do not edit by hand.
 *filter
 
-# Set up logging for dropped packets
--N LOGDROP
--A LOGDROP -m limit --limit 15/min -j LOG --log-prefix "ip6tables dropped: " --log-level 7
--A LOGDROP -j DROP
-
 # Allow all outbound traffic
 -A OUTPUT -j ACCEPT
 
@@ -13,7 +8,7 @@
 -A INPUT -i lo -j ACCEPT
 
 # Drop all traffic to loopback IPs on other interfaces
--A INPUT ! -i lo -d ::1/128 -j LOGDROP
+-A INPUT ! -i lo -d ::1/128 -j DROP
 
 # Allow ICMP; it is more fundamental to IPv6 functioning.
 -A INPUT -p icmpv6 -j ACCEPT

puppet/zulip_ops/files/iptables/trailer.v4

@@ -1,6 +1,6 @@
 
 # Drop everything else
--A INPUT   -j LOGDROP
+-A INPUT   -j DROP
--A FORWARD -j LOGDROP
+-A FORWARD -j DROP
 
 COMMIT

puppet/zulip_ops/files/iptables/trailer.v6

@@ -1,6 +1,6 @@
 
 # Drop everything else
--A INPUT   -j LOGDROP
+-A INPUT   -j DROP
--A FORWARD -j LOGDROP
+-A FORWARD -j DROP
 
 COMMIT