Yes man, same here I notice some abnormal behavior on my brand new RUT240, it's OpenWrt based and I know a little this kind of software trought years, so I do many test on my site to figure it out, and finally I get a solution working for me.
Well you need to simply "clear" unused zones/rules from firewall configuration located at /etc/config/firewall
then restart firewall with /etc/init.d/firewall restart or reboot a device for ensure kernel tables is cleared.
I write about this in many recent posts today, meow 
First step fo make clear, is remove unconfigured/unused zones from configuration and see if your nat/portfowarding rules return to work, of course make configuration backup as usual before starting to edit config files.
Zones below you can safe remove from configuration if not used:
config zone 'l2tp_zone'
option name 'l2tp'
option input 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'l2tp'
option device 'l2tp+ xl2tp+'
option forward 'REJECT'
config zone 'pptp_zone'
option name 'pptp'
option input 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'pptp'
option device 'pptp+'
option forward 'REJECT'
config zone 'gre_zone'
option name 'gre'
option input 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option network 'gre'
option device 'gre+'
option forward 'REJECT'
config zone
option name 'hotspot'
option input 'REJECT'
option output 'ACCEPT'
option device 'tun0 tun1 tun2 tun3'
option forward 'REJECT'
config zone 'sstp'
option name 'sstp'
option input 'REJECT'
option output 'ACCEPT'
option device 'sstp-+'
option masq '1'
option forward 'REJECT'
After this you also delete unused rules from firewall WEB UI or from firewall file, don't matter, uci subsystem of RUTos reparsing and adjusting if needed, but pay attention when editing firewall file with custom options, don't mistake syntax or you get parsing error under Firewall WEB UI.
Apply your changes step by step if you're not enough skilled, and watch behavior of RUTos by reloading Firewall page.
Regards
