The easiest way to have a fully manual firewall config is to uninstall the firewall package: opkg remove firewall or to disable the firewall service: /etc/init.d/firewall disable.
Then you can stick your custom iptables rules into /etc/rc.local.
rc.local may not work. At the time of its execution network interfaces can be down.
Scripts in /etc/hotplug.d/iface are called on interface up/down events.
iptables rules can be installed even if the corresponding interface is down so this usually is no problem. You only need hotplug if those manual rules do something complex, like enumerating effective IP addresses.
Interfaces don't need to be up to create iptables rules.
Arguably, you don't want them up until the rules are in place. Otherwise, you
have a window where the interfaces are up, but there are no restrictions, so
attackers can get through freely.
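
An added example, not part of the thread above: a script that builds a default-drop ruleset matching on interface names only, so it can be loaded before the interfaces come up. It assumes iptables-restore and the conntrack match are installed; the names eth0.2 (WAN) and br-lan (LAN) and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface names below are assumptions; adjust to your device.
WAN_IF="${WAN_IF:-eth0.2}"
LAN_IF="${LAN_IF:-br-lan}"

# Accept only plain interface names so a bad value cannot inject rule lines.
valid_ifname() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print an iptables-restore ruleset. It never queries interface state,
# so it works whether or not the interfaces exist yet.
build_ruleset() {
    wan="$1"; lan="$2"
    valid_ifname "$wan" && valid_ifname "$lan" || return 1
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
EOF
}

# Load the rules only when called with "apply". Each table is committed
# in one step, so the DROP policies and the rules take effect together.
if [ "${1:-}" = "apply" ]; then
    rules=$(build_ruleset "$WAN_IF" "$LAN_IF") || exit 1
    printf '%s\n' "$rules" | iptables-restore
fi
```

Run without arguments, the script loads nothing; calling build_ruleset by hand prints the ruleset for review before it is applied.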