NAT, the new way

- the NAT ruleset can die
- the code is easier to follow and shorter
- with scrub and nat being actions, only filter rulesets left
- so support for multiple ruleset types could be deleted
- just NAT changes + cleanup save ~1000 lines of code
- the committed NAT diff, maintained outside the tree for months, was about 4000 lines