config defaults option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option synflood_protect '1' option flow_offloading '1' option flow_offloading_hw '1' config zone 'lan' option name 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' list network 'lan' list network 'wg_lan' config zone 'wan' option name 'wan' option input 'REJECT' option output 'ACCEPT' option forward 'DROP' option masq '1' option mtu_fix '1' list network 'wan' config forwarding option src 'lan' option dest 'wan' config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type '130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-IPSec-ESP' option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option name 'Allow-ISAKMP' option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT' config rule 'wg' option name 'Allow-WireGuard-lan' option src 'wan' option dest_port '51820' option proto 'udp' option target 'ACCEPT' config rule option name 'Block-Public-DNS-and-force-DoH-DoT' option src 'lan' option dest 'wan' option dest_port '53 853 5353' option target 'REJECT' option enabled '0' config redirect option dest 'lan' option target 'DNAT' option name 'http server' option src 'wan' option src_dport '3000' option dest_ip '192.168.88.117' option dest_port '3000' option enabled '0' config redirect option dest 'lan' option target 'DNAT' option name 'librespeed' option src 'wan' option src_dport '8989' option dest_ip '192.168.88.1' option dest_port '8989' option enabled '0' config rule option name 'Block-DNS-from-WAN' option src 'wan' option dest_port '53' list proto 'tcp' list proto 'udp' option target 'REJECT'