try and use absolute directories for applications / files
and you can run your application/ script / config via an initscript
if you only want it to run on firstboot after new flash/upgrade or after system restore, you can add a uci_defaults script to your application
It probably starts too early in the boot process to insert iptables and/or they may be flushed/overwritten by the firewall/other processes if they start later. I'd try logging from your init script to make sure it runs, if that's the case, you may have to employ a delay in boot() before running start_service. You may want to check the source for adblock or simple-adblock for an example of waiting until network settles after boot.
PS. Not sure if START=99 is a meaningful value. I vaguely remember something about highest recommended value being 95 or even 90. You may want to search github for what other packages are using as a highest number.
i used START's value as 99 because i thought firewall's gonna flush my settings.
However my firewall starts at 30 and i've tried value for START around 40~50 too.