functions.m4, local.m4: Workaround for option parser fragmentation bugs.

There are some nasty option parser bugs in iptables 1.4.11.1.  Most
obviously, it refuses to accept `! -f' even though it always used to
work.  (This is Debian #632695.)  Secondly, it sees that ip6tables has
stopped accepting `! --fragfirst'.  I'm not sure this is unintentional,
though it's certainly annoying.

Work around both of these problems by introducing additional chains.
That is, we replace

	iptables -A chain -j action ! --test

by

	iptables -A newchain -j RETURN --test
	iptables -A newchain -j action
	iptables -A chain -j newchain

which is rather unpleasant, really.