Firewall: functional difference between port forwards and traffic rules

Hello, I was following some tutorials for setting up a Wireguard server. This one uses a port forward as follows:

While the official OpenWrt tutorial advises using the following traffic rule:

uci set firewall.wg="rule"
uci set firewall.wg.name="Allow-WireGuard"
uci set firewall.wg.src="wan"
uci set firewall.wg.dest_port="${VPN_PORT}"
uci set firewall.wg.proto="udp"
uci set firewall.wg.target="ACCEPT"

According to the first tutorial, it looks like port forwarding binds the external and internal ports, regardless of rules. Are port forwards and traffic rules equivalent solutions?

As a very rough rule, if you need to rewrite the destination IP (i.e. you're using NAT to access devices in an IPv4 private IP range) then it's a port forward. If you're just opening ports in the firewall then it's a traffic rule.

In the case of the wireguard rule, if WG is running on the router, then you only need to open a port in the firewall. You're not forwarding it on to a different machine than the packets are addressed to. Therefore you only need a traffic rule.

3 Likes

No, it's a special case here that they both achieve the same result.
If the destination device is the OpenWrt, I'd consider it a waste of resources to use the port forward.

1 Like
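To make the "special case" from the two answers concrete, here is an added example (not from the thread or from OpenWrt itself) that models how a traffic rule (filter ACCEPT, destination untouched) and a port forward (DNAT redirect, destination rewritten) treat the same incoming WireGuard packet. The zone names, router address, LAN host address and VPN port are constructed values.

```python
# Added example: toy model of an OpenWrt traffic rule versus a port forward.
# Router address, VPN port and zones are constructed, not from the thread.
from dataclasses import dataclass, replace

ROUTER_WAN_IP = "203.0.113.10"   # constructed router WAN address
VPN_PORT = 51820                 # assumed WireGuard listen port

@dataclass(frozen=True)
class Packet:
    src_zone: str
    proto: str
    dst_ip: str
    dst_port: int

# UCI-style entries mirroring the thread: a "rule" and a "redirect".
TRAFFIC_RULE = {"type": "rule", "src": "wan", "proto": "udp",
                "dest_port": VPN_PORT, "target": "ACCEPT"}
PORT_FORWARD = {"type": "redirect", "src": "wan", "proto": "udp",
                "src_dport": VPN_PORT, "dest_ip": ROUTER_WAN_IP,
                "dest_port": VPN_PORT, "target": "DNAT"}

def apply(entry, pkt):
    """Return (verdict, packet) after applying one entry; verdict None = no match."""
    if pkt.src_zone != entry["src"] or pkt.proto != entry["proto"]:
        return None, pkt
    if entry["type"] == "rule":
        # A traffic rule only filters: with no 'dest' zone it applies to
        # traffic addressed to the router itself, and the packet is not rewritten.
        if pkt.dst_port == entry["dest_port"] and pkt.dst_ip == ROUTER_WAN_IP:
            return "ACCEPT", pkt
        return None, pkt
    # A redirect rewrites the destination (DNAT) before delivery; the rewritten
    # flow is then allowed through, so the port is opened as a side effect.
    if pkt.dst_port == entry["src_dport"] and pkt.dst_ip == ROUTER_WAN_IP:
        return "DNAT", replace(pkt, dst_ip=entry["dest_ip"], dst_port=entry["dest_port"])
    return None, pkt

def delivered_to(entry, pkt):
    """Where the packet ends up: (ip, port) or None if the entry does not match."""
    verdict, out = apply(entry, pkt)
    return None if verdict is None else (out.dst_ip, out.dst_port)

if __name__ == "__main__":
    wg = Packet("wan", "udp", ROUTER_WAN_IP, VPN_PORT)
    print("rule     ->", delivered_to(TRAFFIC_RULE, wg))   # router:51820
    print("redirect ->", delivered_to(PORT_FORWARD, wg))   # router:51820, same result
    lan_forward = dict(PORT_FORWARD, dest_ip="192.168.1.20")  # constructed LAN host
    print("redirect to LAN host ->", delivered_to(lan_forward, wg))
```

When `dest_ip` is the router itself both entries deliver to the same place, which is the equivalence the answers describe; only the redirect can send the packet on to another host, which a traffic rule cannot do at all.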

Thank you both!

1 Like
