Is it possible add web interface managing ALL iptables chains ?
And possibility select “hidden” chains (i.e. CapPort) as target in rules. May be add checkbox in interface “Show system chains” ?
Or as variant – don’t erase manual added rules after saving changes in web interface.
I have difficulty in doing what you ask. In any case, if you want your manually added rules are added at reboot time and when you save the changes in the firewall, just insert them in the script [Startup/Cron][Firewall Chain].