After hours or days, my internet connection is lost, want to see why

A common misconception is that the firewall and routes are effectively the same. A good way to separate them is to think of the firewall as a permissions structure that allows or prohibits traffic flow, whereas routes are the actual paths that the traffic can take. They must obviously align for traffic to flow, but they are two different things.

To make an example of this, let's consider the most simple home router situation -- LAN > WAN traffic. If it is not flowing, we could have the following potential causes:

  • The firewall does not allow it
  • There is an incorrect route (that attempts to send traffic to another gateway, rather than via the gateway on the wan)
  • There is no default route (maybe because the wan itself is actually down).

If the firewall is corrected to allow lan > wan forwarding, but one of the two other issues persists, traffic will still not flow, even though it has appropriate allowances to do so. However, if the other two are fixed but the firewall does not allow lan > wan forwarding, traffic could flow (insofar as the infrastructure is working, but is forbidden to do so by the firewall).

In #2, I described how the default route gets replaced by WG and is not re-established when WG is disabled. A restart of the WAN interface can correct that (as does a restart of the router as a whole), but adding a metric to the wan will keep that route from being erased, as well.

Putting it all together, 1 and 2 can both be problematic at the same time. Fixing 1 alone doesn't fix the problem with 2.

Your log should hopefully have something to offer here:

logread -e udhcpc

If you see different IP addresses from one lease to the next, that should provide some confirmation. Further, you can see if the timing lines up based on the DHCP lease times (which are expressed in seconds, so 86400 = 24 hours)

See this thread:
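
An added example, not part of the original post: a shell function that reduces `logread -e udhcpc` output to the lease lines and flags an address change from one lease to the next, with the lease time converted to hours. The log lines are constructed samples, and the busybox udhcpc "lease of <ip> obtained ..., lease time <secs>" wording is an assumption about the log format.

```shell
#!/bin/sh
# Added example: summarise WAN DHCP leases from udhcpc log lines.
# On the router:  logread -e udhcpc | lease_report
# Assumed wording: "lease of <ip> obtained[ from <server>], lease time <secs>"

lease_report() {
    awk '
    /udhcpc/ && /lease of/ && /obtained/ {
        ip = ""; secs = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "of"   && $(i-1) == "lease") ip   = $(i+1)
            if ($i == "time" && $(i-1) == "lease") secs = $(i+1)
        }
        if (ip == "") next
        sub(/,$/, "", ip)
        n++
        # Compare each lease with the previous one to spot a new WAN address.
        status = (prev == "") ? "FIRST" : (ip == prev ? "SAME" : "CHANGED")
        if (status == "CHANGED") changes++
        printf "%s %s lease=%ss (%.1fh)\n", status, ip, secs, secs / 3600
        prev = ip
    }
    END { printf "leases=%d changes=%d\n", n, changes + 0 }
    '
}

# Constructed sample log (documentation address ranges, not real data).
sample_log() {
    cat <<'EOF'
Tue Mar  5 08:00:01 2024 daemon.notice netifd: wan (2101): udhcpc: sending select for 203.0.113.23
Tue Mar  5 08:00:01 2024 daemon.notice netifd: wan (2101): udhcpc: lease of 203.0.113.23 obtained, lease time 86400
Tue Mar  5 20:00:02 2024 daemon.notice netifd: wan (2101): udhcpc: sending renew to 203.0.113.1
Tue Mar  5 20:00:02 2024 daemon.notice netifd: wan (2101): udhcpc: lease of 203.0.113.23 obtained, lease time 86400
Wed Mar  6 20:00:07 2024 daemon.notice netifd: wan (2101): udhcpc: lease of 198.51.100.7 obtained from 198.51.100.1, lease time 86400
EOF
}

sample_log | lease_report
```

A CHANGED line whose timestamp lines up with the moment connectivity dropped is the confirmation the post describes.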