Does 'any zone' include the wan zone in the LuCI firewall configuration?
I am trying to segregate my network into different VLANs and basically want to lock them down so that I have control over the traffic flow. It seems I need to open ports for DHCP and DNS, etc., but instead of creating a firewall rule for each VLAN/subnet, can I just create one rule to allow DHCP/DNS to all of them (i.e., source: any zone)? I only want the ports to be open for my internal subnets and not the public internet.
Yep, it does, so if you decide to go that way, insert the reject rules to precede the accept rules.
It's sort of confusing and better to avoid unless you really have a lot of downstream interfaces.
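A check for the situation discussed above, as an added example that is not part of the original question or answer: it parses firewall configuration text in the `/etc/config/firewall` syntax and lists ACCEPT rules whose source is any zone (`src '*'`), which therefore also match traffic from wan. The sample rules, the zone name `iot` and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in /etc/config/firewall syntax; the 'iot' zone is an assumption.
SAMPLE = """
config rule
	option name 'Allow-DNS-any'
	option src '*'
	option proto 'tcp udp'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCP-iot'
	option src 'iot'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
"""

def parse_uci(text):
    """Parse UCI text into a list of (section_type, options) tuples."""
    sections = []
    for raw in text.splitlines():
        tokens = shlex.split(raw, comments=True)  # handles quotes and '#' comments
        if not tokens:
            continue
        if tokens[0] == "config" and len(tokens) >= 2:
            sections.append((tokens[1], {}))
        elif tokens[0] == "option" and len(tokens) >= 3 and sections:
            sections[-1][1][tokens[1]] = tokens[2]
        elif tokens[0] == "list" and len(tokens) >= 3 and sections:
            sections[-1][1].setdefault(tokens[1], []).append(tokens[2])
    return sections

def any_zone_accepts(text):
    """Names of ACCEPT rules whose source is any zone ('*'), so wan is included."""
    return [opts.get("name", "(unnamed)")
            for kind, opts in parse_uci(text)
            if kind == "rule" and opts.get("src") == "*"
            and opts.get("target", "").upper() == "ACCEPT"]

if __name__ == "__main__":
    for name in any_zone_accepts(SAMPLE):
        print(f"{name}: source is any zone, which includes wan")
```

Rules it reports are the ones to either pair with a preceding reject for wan or replace with one rule per internal zone, like the `iot` rule in the sample.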