I discovered that custom firewall rules will not work after reboot if they contain a device name (server name, printer name, etc.) that has a static IP address defined. They will work after you click the 'Restart Firewall' button in LuCI. The danger here is that someone will tweak and test all of their rules through LuCI and have them working perfectly, and not realize that they won't be loaded when the router reboots. I will agree in advance that they should test after reboot - but if we make it easy to do it right, and difficult to do it wrong, then people will be less likely to make mistakes.
The problem is that at boot time, the custom rules are loaded before dnsmasq is loaded, so the device names can't be resolved to IP addresses and the rules can't be created.
One workaround is to go to System/Startup and add a local startup script that includes '/etc/init.d/firewall restart'. I tested this and it works; being a bit cautious I then added a 'sleep 1' before the firewall restart. Or, if you prefer, you can do the same thing by editing /etc/rc.local.
Another workaround is to simply use IP or MAC addresses in all of your firewall rules; this works but is unsatisfactory because firewall rules are much easier to understand when they include device names.
Someone might suggest putting a similar sleep into the firewall script; this doesn't work. I tried 'sleep 10' and 'sleep 120' and neither one worked.
This should really be documented in the official firewall documentation; I am documenting it here so that it will be easy to find. I searched all of the documentation and the forum and couldn't find this mentioned anywhere.
I am running OpenWrt 18.06.1 r7258-5eb055306f / LuCI openwrt-18.06 branch (git-18.228.31946-f64b152) on a Linksys WRT1900ACS.
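An added example, not part of the original post: a small shell check that lists custom rules whose source or destination is a name rather than an address, since those are the rules that depend on name resolution at boot. It assumes iptables-style rules as kept in /etc/firewall.user; the function names and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag iptables/ip6tables rules whose -s/-d argument is a
# hostname. Such rules need a working resolver at the moment they load.

# Print "LINE: NAME" for every non-literal source/destination in file $1.
find_hostname_rules() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        for (i = 1; i < NF; i++) {
            if ($i != "-s" && $i != "-d" && $i != "--source" &&
                $i != "--destination" && $i != "--src" && $i != "--dst")
                continue
            k = i + 1
            if ($k == "!") k++               # old-style "-s ! addr" negation
            n = split($k, parts, ",")        # iptables accepts comma lists
            for (j = 1; j <= n; j++) {
                a = parts[j]
                sub(/^!/, "", a)
                is_v4 = (a ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9.]+)?$/)
                is_v6 = (a ~ /^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(\/[0-9]+)?$/)
                if (!is_v4 && !is_v6)
                    printf "%d: %s\n", NR, a
            }
        }
    }' "$1"
}

# Constructed sample rules (hostnames "printer" and "nas.lan" are made up).
write_sample_rules() {
    cat > "$1" <<'EOF'
# constructed sample of custom rules
iptables -I forwarding_rule -s printer -j DROP
iptables -A input_rule -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A forwarding_rule -d nas.lan -p tcp --dport 445 -j ACCEPT
ip6tables -A forwarding_rule -s fd00::10/128 -j ACCEPT
EOF
}

# Demo run on the constructed sample; on a router, pass /etc/firewall.user.
sample=$(mktemp)
write_sample_rules "$sample"
find_hostname_rules "$sample"
rm -f "$sample"
```

Any line it reports is a rule to re-test after a real reboot, or to cover with one of the workarounds above.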