Avahi device discovery across vlans working, 'but'

OpenWrt 23.05.0 r23497-6637af95aa
I am now able to discover chromecasts and my denon av which are on vlan3 from vlan1.
I installed Avahi and created firewall rule

config rule
	option name 'Allow mdns'
	option src_port '5353'
	list dest_ip '224.0.0.251'
	option dest_port '5353'
	option target 'ACCEPT'
	option direction 'in'
	option device 'br-lan'
	option family 'ipv4'
	list proto 'tcp'
	list proto 'udp'
	option src 'lan'

But, it will not work unless I change the zone config for lan3 to be

config zone
	option name 'lan3'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'lan3'

This seems a little too wide open but I am not sure what firewall rule I would add to only allow responses to the Avahi forwards (if such a rule is possible)

Any ideas?

Avahi device discovery across vlans is working well for me. It shouldn't require option input 'ACCEPT'. Try deleting,

option direction 'in'

I don't have that option set.

I removed the option from the firewall rule and set the lan3 zone input to drop and it still works.
I have no idea what was going on the last time I tried this

I have to 'unsolve' this as now I can no longer discover the chromecasts

now I'm getting this

Wed Oct 25 15:30:13 2023 daemon.info procd: Instance avahi-daemon::instance1 s in a crash loop 6 crashes, 0 seconds since last crash
Wed Oct 25 15:30:26 2023 daemon.info procd: Instance avahi-daemon::instance1 s in a crash loop 7 crashes, 0 seconds since last crash
Wed Oct 25 15:31:14 2023 daemon.info procd: Instance avahi-daemon::instance1 s in a crash loop 8 crashes, 0 seconds since last crash
Wed Oct 25 15:33:46 2023 daemon.info procd: Instance avahi-daemon::instance1 s in a crash loop 9 crashes, 0 seconds since last crash

Will try reboot

Now avahi will not start, keeps crashing.

sigh

after rebooting and then restoring the avahi config to the original changing only the

enable-reflector

line avahi now starts. There must have been some errant character in the file.
Now I'm back to where I started at least

Did you get Avahi device-discovery to work? If not, I've included my working configuration below. My firewall's mDNS rule is slightly different to yours, so perhaps that makes a difference?

uci configuration
# switch vlans 1 & 3 (using swconfig, not the newer DSA)
# -----------------------------------------------------------------------------
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'

# LAN vlan with vlan id 1
network.vlan_lan=switch_vlan
network.vlan_lan.device='switch0'
network.vlan_lan.vlan='1'
network.vlan_lan.ports='3 4 0t'

# IOT vlan with vlan id 3
network.vlan_iot=switch_vlan
network.vlan_iot.device='switch0'
network.vlan_iot.vlan='3'
network.vlan_iot.ports='2 0t'

# network device br-lan
# ---------------------------------
# br-lan (default configuration)
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='eth0.1'

# network interfaces lan and iot
# ------------------------------
# LAN (default configuration)
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.1.1'
network.lan.netmask='255.255.255.0'
# IOT
network.iot=interface
network.iot.device='eth0.3'
network.iot.proto='static'
network.iot.ipaddr='192.168.3.1'
network.iot.netmask='255.255.255.0'

# firewall zone iot
# ------------------------
# LAN (default configuration, so I won't repeat it here)
# IOT
## IOT: zone
firewall.zone_iot=zone
firewall.zone_iot.name='iot'
firewall.zone_iot.network='iot'
firewall.zone_iot.input='REJECT'
firewall.zone_iot.forward='REJECT'
firewall.zone_iot.output='ACCEPT'
firewall.zone_iot.family='ipv4'
## IOT: mDNS
firewall.rule_mdns_iot=rule
firewall.rule_mdns_iot.name='Allow mDNS IPV4 IOT -> Router'
firewall.rule_mdns_iot.src='iot'
firewall.rule_mdns_iot.src_port='5353'
firewall.rule_mdns_iot.dest_port='5353'
firewall.rule_mdns_iot.dest_ip='224.0.0.251'
firewall.rule_mdns_iot.proto='udp'
firewall.rule_mdns_iot.family='ipv4'
firewall.rule_mdns_iot.target='ACCEPT'

# /etc/avahi/avahi-daemon.conf
# -----------------------------------------
enable-reflector=yes
allow-interfaces=br-lan,eth0.3

Thanks, after I refreshed the config it started working again