* src/res/configlets/linux24/automatic_rules: Generation of the
automatic rules (matching ESTABLISHED and INVALID states,
backup ssh access and others) now uses configlet. Fixes#883
* src/res/configlets/linux24/automatic_rules: generated script can
now include automatic rules to match IPv6 neighbor discovery ICMP6
packets. This is controlled by a checkbox in the iptables
"advanced" settings dialog and is off by default. Fixes#878
* PolicyCompiler_ipt.cpp (specialCaseWithFWInDstAndOutbound::processNext):
fixed bug #2823951: "unnecessary rules in FORWARD chain". Policy
rules that have interface object in "Interface" column and
direction "Both" generate unnecessary iptables commands in the
FORWARD chain when destination matches one of the addresses that
belong to the firewall.
algorithm used to decide which interfaces of the host or firewall
object to use in a rule when this host or firewall object is found
in source or destination.
bug (no #): policy compiler for iptables did not handle correctly
rules where a host that has multiple addresses was a single object
in a rule element and had negation.
* NATCompiler_ipt.cpp (singleObjectNegation::processNext): added
support for single object negation in OSrc and ODst in NAT rules.
This provides for more compact iptables script in the often used
case where single object is used with negation in these elements
of a NAT rule. Other improvements in handling NAT rules with
negation.
