- reduce mssfix related log spam (#10681)
- separate src and dest terminal chains (#11453, #12945)
- disable per-zone custom chains by default, they're rarely used
Additionally introduce options "device", "subnet", "extra", "extra_src" and "extra_dest"
to allow defining zones not related to uci interfaces, e.g. to match "ppp+" or any tcp
traffic to and from a specific port.
SVN-Revision: 35484
- use comment match to keep track of per-network rules
- setup reflection for any interface which is part of a masqueraded zone, not just "wan"
- delete per-network reflection rules if network is brought down
SVN-Revision: 34472