Firewall settings for two site-to-site OpenWrt routers

Apply the following to R1, starting from factory defaults. The address values are not included in the listing and must be supplied for your own networks:

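# Site-to-site configuration for R1 (OpenWrt, starting from factory defaults).
#
# The published listing lost its address values and several option names
# (lines of the form `uci set"..."`). The option names used below (target,
# name, family) are restored from context; the addresses cannot be recovered,
# so each one is a variable that must be filled in first.
#
# Save this to a file and run it with sh rather than pasting it line by line:
# an empty value then aborts the script before any setting is changed.

# --- Site-specific values: placeholders, fill in for your networks ---
ROUTE_TARGET=""   # route destination; presumably R2's LAN subnet (CIDR)
ROUTE_GATEWAY=""  # next hop for that route; presumably R2's WAN-side address
LAN2_DNS=""       # DNS server that answers for the "lan2" domain
NOMASQ_NET_1=""   # first destination excluded from masquerading (CIDR)
NOMASQ_NET_2=""   # second destination excluded from masquerading (CIDR)
DNS_SRC_1=""      # first source allowed to query DNS on the WAN side
DNS_SRC_2=""      # second source allowed to query DNS on the WAN side
ADMIN_SRC=""      # only source allowed to reach SSH/HTTP/HTTPS on the WAN side
ICMP_SRC=""       # source allowed to ping hosts in the lan zone
SSH_SRC=""        # source allowed to SSH to hosts in the lan zone

# Refuse to continue with a blank address. This matters most for the firewall
# rules: a rule with no src_ip matches every source in the wan zone, which
# would expose DNS and the admin ports to the whole WAN side.
: "${ROUTE_TARGET:?set ROUTE_TARGET before running}"
: "${ROUTE_GATEWAY:?set ROUTE_GATEWAY before running}"
: "${LAN2_DNS:?set LAN2_DNS before running}"
: "${NOMASQ_NET_1:?set NOMASQ_NET_1 before running}"
: "${NOMASQ_NET_2:?set NOMASQ_NET_2 before running}"
: "${DNS_SRC_1:?set DNS_SRC_1 before running}"
: "${DNS_SRC_2:?set DNS_SRC_2 before running}"
: "${ADMIN_SRC:?set ADMIN_SRC before running}"
: "${ICMP_SRC:?set ICMP_SRC before running}"
: "${SSH_SRC:?set SSH_SRC before running}"

# --- Static route to the remote site via the wan interface ---
uci -q delete network.lan_lan
uci set network.lan_lan="route"
uci set network.lan_lan.interface="wan"
uci set network.lan_lan.target="${ROUTE_TARGET}"
uci set network.lan_lan.gateway="${ROUTE_GATEWAY}"
uci commit network
/etc/init.d/network restart

# --- DNS: answer non-local clients and forward the lan2 domain ---
# localservice=0 lets dnsmasq answer queries from subnets that are not
# directly attached; the Allow-DNS-WAN rule below is what limits who can
# actually reach it from the WAN side.
uci set "dhcp.@dnsmasq[0].localservice=0"
# NOTE(review): the listing shows only "/lan2/"; the server address after it
# appears to have been stripped - confirm against your setup.
# del_list first so a re-run does not append a duplicate entry.
uci -q del_list "dhcp.@dnsmasq[0].server=/lan2/${LAN2_DNS}"
uci add_list "dhcp.@dnsmasq[0].server=/lan2/${LAN2_DNS}"
uci commit dhcp
/etc/init.d/dnsmasq restart

# --- Firewall ---
# @zone[1] is assumed to be the wan zone, as on a default configuration;
# verify with `uci show firewall` if the config is not factory-fresh.
# The leading "!" negates the match: traffic to these destinations is NOT
# masqueraded, so the remote site sees the real source addresses.
uci -q del_list "firewall.@zone[1].masq_dest=!${NOMASQ_NET_1}"
uci add_list "firewall.@zone[1].masq_dest=!${NOMASQ_NET_1}"
uci -q del_list "firewall.@zone[1].masq_dest=!${NOMASQ_NET_2}"
uci add_list "firewall.@zone[1].masq_dest=!${NOMASQ_NET_2}"

# DNS to the router itself from the listed sources only.
uci -q delete firewall.wan_dns
uci set firewall.wan_dns="rule"
uci set firewall.wan_dns.name="Allow-DNS-WAN"
uci set firewall.wan_dns.src="wan"
uci add_list firewall.wan_dns.src_ip="${DNS_SRC_1}"
uci add_list firewall.wan_dns.src_ip="${DNS_SRC_2}"
uci set firewall.wan_dns.dest_port="53"
uci set firewall.wan_dns.proto="tcp udp"
uci set firewall.wan_dns.target="ACCEPT"

# Router administration (SSH, HTTP, HTTPS) from one source on the WAN side.
# Keep ADMIN_SRC as narrow as possible. Port 80 carries the web UI
# unencrypted; drop it from dest_port if HTTPS is available.
uci -q delete firewall.wan_admin
uci set firewall.wan_admin="rule"
uci set firewall.wan_admin.name="Allow-Admin-WAN"
uci set firewall.wan_admin.src="wan"
uci set firewall.wan_admin.src_ip="${ADMIN_SRC}"
uci set firewall.wan_admin.dest_port="22 80 443"
uci set firewall.wan_admin.proto="tcp"
uci set firewall.wan_admin.target="ACCEPT"

# Forwarded IPv4 echo requests (ping) from the remote site into the lan zone.
uci -q delete firewall.l2l_icmp
uci set firewall.l2l_icmp="rule"
uci set firewall.l2l_icmp.name="Allow-ICMP-Forward"
uci set firewall.l2l_icmp.src="wan"
uci set firewall.l2l_icmp.src_ip="${ICMP_SRC}"
uci set firewall.l2l_icmp.dest="lan"
uci set firewall.l2l_icmp.proto="icmp"
uci set firewall.l2l_icmp.icmp_type="echo-request"
uci set firewall.l2l_icmp.family="ipv4"
uci set firewall.l2l_icmp.target="ACCEPT"

# Forwarded SSH from the remote site to hosts in the lan zone.
uci -q delete firewall.l2l_ssh
uci set firewall.l2l_ssh="rule"
uci set firewall.l2l_ssh.name="Allow-SSH-Forward"
uci set firewall.l2l_ssh.src="wan"
uci set firewall.l2l_ssh.src_ip="${SSH_SRC}"
uci set firewall.l2l_ssh.dest="lan"
uci set firewall.l2l_ssh.dest_port="22"
uci set firewall.l2l_ssh.proto="tcp"
uci set firewall.l2l_ssh.target="ACCEPT"
uci commit firewall
/etc/init.d/firewall restart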

R2 should be configured symmetrically.