The old rule would result in nftables failing to load if the iface
doesn't exist. Using `iifname` will match on any future ifaces if they
don't exist when the firewall starts.
Anbox needs a specific set of nftables rules to allow incoming and
outgoing traffic. Anbox makes it easy to allow the specific traffic due
to the established `anbox0` bridge network interface.
Installs nftables config useful for pmOS::
1) drop all connections to wwan* (wildcard matching supported, are there
any other wwan iface names that wouldn't match this?)
2) allow ssh, drop from wwan (kinda redundant w/ the first rule, but
doesn't hurt..), allow DHCP on usb*
3) allow all incoming connections on usb* (with the -openusb subpackage)
4) enable logging all nftable events (with the -log subpackage), very
useful for debugging
fixes#1024