There are two bugs in iptables-xml do_rule_part parsing corrected by this patch:

1) Ignore "-A <chain>" instead of just "-A"
2) When checking to see if we need a <match> tag, inversion needs to be taken
   into account

This closes netfilter bugzilla #679.  

Phil

Signed-off-by: Phil Oester <kernel@linuxace.com>