Only jump to the port mapping chain if the traffic destination is the local system.

[dafydd2277]

This solves Issue #12 .

1) Only jump to cni-npr-<containerID> if the destination address is on the local system.

• This prevents the container network from intercepting forwards to other interfaces. 1) Add some example rules to the documentation of some functions.
• Show what the final rule will look like. 1) Generalize the masquerade into the container network.
• Just masq'ing when the source is localhost is either too much or not enough. Let's masq everything. 1) Add some additional notes to README regarding Issue #4.
• A rule limiting 127.0.0.1 to the lo interface blocks communication between the local system and the container network. Instead, explicitly prevent 127.0.0.1 from appearing on any physical interface. Virtual interfaces are okay.

[dafydd2277]

I forgot to add/ask. If you're doing semantic versioning, I can make a fair argument that modifying the jump rules to only match local IP addresses is a feature add, making this pull request version 1.1.0. The code wasn't actually broken, I just needed to expand its capabilities.

[greenpau]

@dafydd2277 , please fix linter issue and squash commits.

[greenpau]

@dafydd2277 , LGTM 👍 Thank you for your contribution!