ipfw: pmod: avoid further rule processing after tcp-mod failures

m_pullup() here will have freed the mbuf chain, but we pass back an
IP_FW_DENY without any signal that the outer loop should finish. Thus,
rule processing continues without an mbuf and there's a chance that we
conclude that the packet may pass (but there's no mbuf remaining)
depending on the rules that follow it.

PR: 284606
Reviewed by: ae

(cherry picked from commit c0382512bfce872102d213b9bc2550de0bc30b67)