Firewall: Use the right IP subnet

[jbeyerstedt]

The firewall rules always use a /24 subnet, even if something else was configured in the "openvpn_server_netmask" parameter. This PR uses some ipaddr filter magic to extract the CIDR prefix length from the two netmask and network variables.

This change was originally proposed in #163, but wasn't merged because of the other changes in that PR.

[bandikoot]

@kyl191, greetings!

I use /16 subnet for vpn clients. Recently i have spent quite a few hours researching what's wrong with packets routing before I checked out iptables rules & discovered /24 hardcoded in them.

Is there any chance this PR would be merged? It'd be very helpful.