As for these rules what do you want to be able to do
firewall.@rule[14]=rule
firewall.@rule[14].src='lan'
firewall.@rule[14].name='block 8888'
firewall.@rule[14].dest_ip='8.8.8.8'
firewall.@rule[14].target='DROP'
firewall.@rule[14].dest='wan'
firewall.@rule[14].proto='all'
firewall.@rule[15]=rule
firewall.@rule[15].src='wan'
firewall.@rule[15].name='Allow-ICMPv4-DNS-replies'
firewall.@rule[15].target='ACCEPT'
firewall.@rule[15].dest_ip='fe80::339f:7937:f17d:1edb' '192.168.254.8'
firewall.@rule[15].proto='udp' 'icmp' 'igmp
if you want dns requests to be resolved only from an internal device (which can be a rasberry, pc or other dns server) you should look at this post