OpenWrt firewall mystery

I understand that the firewall is not rejecting the connection from guest to the routers private side, by virtue of the guest zones input accept policy.

The firewall is then also not routing (forwarding) the connection onto the private LAN (in the sense that it creates a new frame where the routers MAC address as of the guest LAN is the source MAC), as there is no zone forwarding guest->private defined.

But the Linux IP stack (not the firewall) then nevertheless allows the guest LAN connection to arrive at the uhttpd server listening ONLY to the private LAN ...

Gee, as I said, that's shocking ...

Kind regards,
Sebastian