Restore firewall rules on snowflake-01 (minus conntrack)

In #40189 (closed) we disabled conntrack by removing the firewall rules. We should restore a sensible firewall configuration, minus the conntrack rules, if it proves not to harm performance.

/cc @linus