- allow multiple ports, protocols, macs, icmp types per rule
- implement "limit" and "limit_burst" options for rules
- implement "extra" option to rules and redirects for passing arbritary flags to iptables
- implement negations for "src_port", "dest_port", "src_dport", "src_mac", "proto" and "icmp_type" options
- allow wildcard (*) "src" and "dest" options in rules to allow specifying "any" source or destination
- validate symbolic icmp-type names against the selected iptables binary
- properly handle forwarded ICMPv6 traffic in the default configuration
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@27317 3c298f89-4303-0410-b956-a3cf2f4a3e73
- handle NAT reflection in firewall hotplug, solves synchronizing issues on boot
- introduce masq_src and masq_dest options to limit zone masq to specific ip ranges, supports multiple subnets and negation
git-svn-id: svn://svn.openwrt.org/openwrt/trunk@22888 3c298f89-4303-0410-b956-a3cf2f4a3e73
