Apply ratbox3 workaround for too permissive inet_pton6():
Any kline (or various other things) containing * or ? is a mask kline and not an IP kline. Ideally, rb_inet_pton_sock() would return failure for those, but in practice this is not always the case for IPv6.
Such a kline that is erroneously treated as an IP line likely matches way fewer IPs than expected.