NAT 反射规则冲突

【dengyull】 在 https://github.com/istoreos/istoreos/issues/2184 发布：
webui自动生成的规则无法完成端口转发。
这是默认设置下转发60端口生成的规则：
root@iStoreOS:~# iptables -t nat -L -n | grep 60
SNAT tcp – 192.168.100.0/24 192.168.100.108 tcp dpt:60 /* !fw3: 60 (reflection) / to:192.168.100.1
SNAT udp – 192.168.100.0/24 192.168.100.108 udp dpt:60 / !fw3: 60 (reflection) / to:192.168.100.1
DNAT tcp – 192.168.100.0/24 174.114.17.79 tcp dpt:60 / !fw3: 60 (reflection) / to:192.168.100.108:60
DNAT udp – 192.168.100.0/24 174.114.17.79 udp dpt:60 / !fw3: 60 (reflection) / to:192.168.100.108:60
DNAT tcp – 0.0.0.0/0 0.0.0.0/0 tcp dpt:60 / !fw3: 60 / to:192.168.100.108:60
DNAT udp – 0.0.0.0/0 0.0.0.0/0 udp dpt:60 / !fw3: 60 */ to:192.168.100.108:60
通过自定义简化规则，可以端口转发：
root@iStoreOS:~# iptables -t nat -L -n | grep 192.168.100.108
DNAT tcp – 0.0.0.0/0 0.0.0.0/0 tcp dpt:60 to:192.168.100.108:60
DNAT udp – 0.0.0.0/0 0.0.0.0/0 udp dpt:60 to:192.168.100.108:60
MASQUERADE tcp – 0.0.0.0/0 192.168.100.108 tcp dpt:60