Using OpenWrt 19.04, Firewall-3:
I'm configuring a "zone" in the /etc/config/firewall. I want to treat two different interfaces, one wired, and one wireless, which are both themselves represented as bridge devices in in /etc/config/network.
According to "https://openwrt.org/docs/guide-user/firewall/firewall_configuration" option "network" is a "list of interfaces" ie. list notation. Fine.
My default policies are "DROP, DROP, DROP" My zone has Input, Output policies as "ACCEPT, ACCPT..." When I list one of the two bridge devices on the network list in the zone, and "service firewall restart" as expected, I get in the IP Tables Chain Input a new custom chain with the name "Zone---XXX---Input" which applies to device on THAT bridge. When I list the other device on the list in that zone, I get the same "Zone---XXX---Input" and the respective device is there. Fine. Dandy.
When I list BOTH interfaces on the "list" using a "list notation?" I get zip. zilch. nada. I had expected the firewall3 compiler to generate a rule for both interfaces as individual iptables rules.
My syntax must certainly be wrong. No firewall compiler would ship with a bug as blatant as this, right?