Make firewallReplaceUidChain match the behaviour of createChain.
The behaviour of the firewallReplaceUidChain was incorrect in
several ways:
1. It was missing the "always allow TCP RST packets" rules which
were added in http://ag/963000 .
2. It included a RETURN statement at the end of blacklist chains,
which is superfluous since all user-defined chains implicitly
return, and became incorrect when http://ag/963000 switched the
behaviour of blacklist chains from inserting new rules at the
beginning to appending them at the end.
3. It was missing the rules to allow the types of ICMPv6 packets
that are critical in maintaining connectivity.
By itself, this change is a no-op since nothing currently calls
firewallReplaceUidRule.
Bug:
26675191
Change-Id: I985e6861812908cbe7eaf0f54ca0ad39c22bbfeb