From a lan client device are you still seeing rejections when you try to connect to something not allowed through?
(I just copied the /etc/config/firewall file from the LEDE installation)
This could be the problem , recommendation when upgrading major releases (eg. 17.x to 18.x) is to export all your configs, upgrade with default settings, then manually apply your settings again adjusting when things are different in the new version.