After power-cycling (usually courtesy of the power company) my WRT3200ACM running 18.06.4, I can get out from the ssh shell on the router, e.g. "ping 8.8.8.8" works, but none of the inside clients can get out, my inside nameserver resolves no names outside my domain, etc. A traceroute from an inside host to an outside host stops at 192.168.1.1, the router.
After I choose "restart firewall" on the Luci Network -> Firewall -> Custom Rules page, everything works. Am I overlooking something, or is there a race condition, perhaps to be worked around with a sleep(1) in the custom rules script?
Note that I don't change the custom rules, which were scp'ed to the router long ago. I just choose "restart firewall". and all is well. It's a puzzle.