Now I know what I'm looking for I can reliably reproduce the issue simply by adding a port forward with both TCP and UDP selected.
Luci seems too default to not specifying a protocol if TCP and UDP are selected, but the UDP rule is always added incorrectly. If I add TCP then later add UDP, then tcp and udp get added via list proto 'xxx' statements whereas previously they were in a single line using option proto.
It looks like it's always the 2nd protocol that's added wrong though, if I reverse the order the UDP entry is added first and correctly and the TCP entry is wrong. If no dest_ip is specified then both seem to be added correct
I'm using ipq806x on an R7800, although it's custom build with the patches to enable the NSS cores. I'm pretty sure the patches are unrelated to the issue and had thought this was working previously, but now I think about it, it's entirely possible that TCP was by the slave name server when I fixed a sync issue with a build based on last weeks code...
Can you please elaborate on your test process? So far I quickly tested creating and deleting as well as enabling and disabling rules from LuCI which worked.
Seems to work now for me, might be because of the ucode commit, I just saw another user mentioning it and I had (apparently) the same issue before.
So all good I guess...