Non-functional ipset script

I've been battling for the last three weeks or so with unwanted traffic on my webserver from several Chinese IP addresses. I still don't know what they were after, but I've been able to kick them out by blocking a range of IP addresses via the server's UFW firewall.

Now, I'd like to move the blocking firewall rules to my OpenWrt (23.05.0) router to prevent those IP addresses from accessing anything within my LAN. I made the following ipset script as the first item at the top of /etc/config/firewall:

config ipset
        option name 'chinain'
        option match 'src_net'
        option loadfile '/etc/config/chinanets'

config rule
        option name 'Drop-Chinanets'
        option src 'wan'
        option ipset 'chinain'
        option target 'DROP'

The /etc/config/chinanets file contains the blocked IP ranges in CIDR format...

But the script does not work.
No listed IPs are being blocked... What am I missing here, or doing wrong?

Try adding option dest 'lan' (change 'lan' to the appropriate firewall zone).

Thanks. Seems reasonable. Now it is just waiting to see whether something happens or not :grin:
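
Why the suggested option dest matters, as an added example that is not part of the thread: in the OpenWrt firewall a rule with only src filters traffic addressed to the router itself (input), while a rule with both src and dest filters traffic routed through it (forward), which is the path taken to a LAN web server. The function names and the second rule 'Drop-Chinanets-Fwd' are constructed for illustration; the first rule is the one from the question.

```shell
#!/bin/sh
# Classify every 'config rule' section of an OpenWrt firewall config on stdin.
# Prints one line per rule: "<name> <chain> <ipset>".
# Assumes option values are single words, as in the config from the question.
classify_rules() {
    awk '
    function strip(s) { gsub("[\047\"]", "", s); return s }   # drop quotes
    function emit(   n, s) {
        if (!in_rule) return
        if (src != "" && dest != "") chain = "forward"   # routed traffic
        else if (src != "")          chain = "input"     # to the router itself
        else                         chain = "output"    # from the router
        n = (name == "" ? "(unnamed)" : name)
        s = (set == "" ? "-" : set)
        print n, chain, s
    }
    $1 == "config" {
        emit()                                  # finish the previous section
        in_rule = ($2 == "rule")
        name = ""; src = ""; dest = ""; set = ""
        next
    }
    in_rule && $1 == "option" {
        v = strip($3)
        if ($2 == "name")       name = v
        else if ($2 == "src")   src = v
        else if ($2 == "dest")  dest = v
        else if ($2 == "ipset") set = v
    }
    END { emit() }
    '
}

# Constructed sample: the rule from the question plus a forward variant.
sample_config() {
    cat <<'EOF'
config ipset
        option name 'chinain'
        option match 'src_net'
        option loadfile '/etc/config/chinanets'

config rule
        option name 'Drop-Chinanets'
        option src 'wan'
        option ipset 'chinain'
        option target 'DROP'

config rule
        option name 'Drop-Chinanets-Fwd'
        option src 'wan'
        option dest 'lan'
        option ipset 'chinain'
        option target 'DROP'
EOF
}

sample_config | classify_rules
```

On a router, `classify_rules < /etc/config/firewall` lists which chain each rule lands in. A rule with dest set no longer covers the router's own services, so keeping both rules covers the router and the hosts behind it.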