So after a bit more review it seems I just have one turtle that has a blank iptables config
iptables -S from 2 units running v4 code have different outputs.
Broken Turtle
root@turtle:~# iptables -S
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
Working Turtles
root@turtle:~# iptables -S
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-N delegate_forward
-N delegate_input
-N delegate_output
-N forwarding_3gwan_rule
-N forwarding_lan_rule
-N forwarding_rule
-N forwarding_vpn_rule
-N forwarding_wan_rule
-N input_3gwan_rule
-N input_lan_rule
-N input_rule
-N input_vpn_rule
-N input_wan_rule
-N output_3gwan_rule
-N output_lan_rule
-N output_rule
-N output_vpn_rule
-N output_wan_rule
-N reject
-N syn_flood
-N zone_3gwan_dest_ACCEPT
-N zone_3gwan_dest_REJECT
-N zone_3gwan_forward
-N zone_3gwan_input
-N zone_3gwan_output
-N zone_3gwan_src_REJECT
-N zone_lan_dest_ACCEPT
-N zone_lan_forward
-N zone_lan_input
-N zone_lan_output
-N zone_lan_src_ACCEPT
-N zone_vpn_dest_ACCEPT
-N zone_vpn_forward
-N zone_vpn_input
-N zone_vpn_output
-N zone_vpn_src_ACCEPT
-N zone_wan_dest_ACCEPT
-N zone_wan_forward
-N zone_wan_input
-N zone_wan_output
-N zone_wan_src_REJECT
-A INPUT -j delegate_input
-A FORWARD -j delegate_forward
-A OUTPUT -j delegate_output
-A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
-A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_forward -i eth0 -j zone_lan_forward
-A delegate_forward -i eth1 -j zone_wan_forward
-A delegate_forward -i tun0 -j zone_vpn_forward
-A delegate_forward -j reject
-A delegate_input -i lo -j ACCEPT
-A delegate_input -m comment --comment "user chain for input" -j input_rule
-A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
-A delegate_input -i eth0 -j zone_lan_input
-A delegate_input -i eth1 -j zone_wan_input
-A delegate_input -i tun0 -j zone_vpn_input
-A delegate_input -j reject
-A delegate_output -o lo -j ACCEPT
-A delegate_output -m comment --comment "user chain for output" -j output_rule
-A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A delegate_output -o eth0 -j zone_lan_output
-A delegate_output -o eth1 -j zone_wan_output
-A delegate_output -o tun0 -j zone_vpn_output
-A delegate_output -j reject
-A reject -p tcp -j REJECT --reject-with tcp-reset
-A reject -j REJECT --reject-with icmp-port-unreachable
-A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
-A syn_flood -j DROP
-A zone_3gwan_forward -m comment --comment "user chain for forwarding" -j forwarding_3gwan_rule
-A zone_3gwan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_3gwan_forward -j zone_3gwan_dest_REJECT
-A zone_3gwan_input -m comment --comment "user chain for input" -j input_3gwan_rule
-A zone_3gwan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_3gwan_input -j zone_3gwan_src_REJECT
-A zone_3gwan_output -m comment --comment "user chain for output" -j output_3gwan_rule
-A zone_3gwan_output -j zone_3gwan_dest_ACCEPT
-A zone_lan_dest_ACCEPT -o eth0 -j ACCEPT
-A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
-A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
-A zone_lan_forward -m comment --comment "forwarding lan -> vpn" -j zone_vpn_dest_ACCEPT
-A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_lan_forward -j zone_lan_dest_ACCEPT
-A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
-A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_lan_input -j zone_lan_src_ACCEPT
-A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
-A zone_lan_output -j zone_lan_dest_ACCEPT
-A zone_lan_src_ACCEPT -i eth0 -j ACCEPT
-A zone_vpn_dest_ACCEPT -o tun0 -j ACCEPT
-A zone_vpn_forward -m comment --comment "user chain for forwarding" -j forwarding_vpn_rule
-A zone_vpn_forward -m comment --comment "forwarding vpn -> wan" -j zone_wan_dest_ACCEPT
-A zone_vpn_forward -m comment --comment "forwarding vpn -> lan" -j zone_lan_dest_ACCEPT
-A zone_vpn_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_vpn_forward -j zone_vpn_dest_ACCEPT
-A zone_vpn_input -m comment --comment "user chain for input" -j input_vpn_rule
-A zone_vpn_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_vpn_input -j zone_vpn_src_ACCEPT
-A zone_vpn_output -m comment --comment "user chain for output" -j output_vpn_rule
-A zone_vpn_output -j zone_vpn_dest_ACCEPT
-A zone_vpn_src_ACCEPT -i tun0 -j ACCEPT
-A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
-A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
-A zone_wan_forward -p esp -m comment --comment "@rule[7]" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "@rule[8]" -j zone_lan_dest_ACCEPT
-A zone_wan_forward -m comment --comment "forwarding wan -> vpn" -j zone_vpn_dest_ACCEPT
-A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
-A zone_wan_forward -j zone_wan_dest_ACCEPT
-A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
-A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
-A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
-A zone_wan_input -p igmp -m comment --comment Allow-IGMP -j ACCEPT
-A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
-A zone_wan_input -j zone_wan_src_REJECT
-A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
-A zone_wan_output -j zone_wan_dest_ACCEPT
-A zone_wan_src_REJECT -i eth1 -j reject
How do I copy this to the broken turtle?