Fair enough, let me get started then:
/etc/config/network
[root@dca632 ../mullvad/wireguard 56°]# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd04:52a5:a38a::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'docker'
option device 'docker0'
option proto 'none'
option auto '0'
config device
option type 'bridge'
option name 'docker0'
config interface 'wan'
option proto 'pppoe'
option device 'eth0'
option username 'REDACTED'
option password 'REDACTED'
option ipv6 'auto'
option hostname 'router'
# WireGuard server interface for the road-warrior peers defined below.
# NOTE(review): 'wg0' is listed under the 'lan' zone in the /etc/config/firewall
# dump on this page (input/forward ACCEPT), so every peer gets the same trust
# as a wired LAN host. Use a dedicated zone if peers should be more limited.
config interface 'wg0'
option proto 'wireguard'
# Secret key material: keep it redacted whenever this file is shared.
option private_key 'REDACTED'
# Has to agree with the wan accept rule for port 51820 in the firewall config.
option listen_port '51820'
list addresses '10.0.5.1/24'
list addresses 'fd2d:a278:3852::1/64'
# Peer definitions for wg0 (one 'config wireguard_wg0' section per client).
# NOTE(review): every peer lists its IPv6 allowed_ips as fd2d:a278:3852::N/64.
# WireGuard masks the host bits, so all five entries name the same prefix,
# fd2d:a278:3852::/64, and a prefix can be bound to only one peer at a time.
# The `wg show` output on this page agrees: only the last peer holds
# fd2d:a278:3852::/64 and the other four have IPv4 only. A /128 per peer
# (matching the /32 used for IPv4) keeps each peer confined to its own address
# and stops one peer from owning the whole tunnel prefix.
config wireguard_wg0
option public_key 'REDACTED'
option description 'ToastyPen10+'
# No endpoint_host is set in any of these sections, so endpoint_port is
# presumably unused and the router waits for the peer to connect — confirm.
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '10.0.5.2/32'
# Overlapping /64, see the note at the top of the peer list.
list allowed_ips 'fd2d:a278:3852::2/64'
# Preshared keys are secrets as well; keep them redacted when sharing.
option preshared_key 'REDACTED'
config wireguard_wg0
option description 'ToastyUFO'
option preshared_key 'REDACTED'
list allowed_ips '10.0.5.3/32'
# Same overlapping /64 as the first peer.
list allowed_ips 'fd2d:a278:3852::3/64'
option endpoint_port '51820'
option persistent_keepalive '25'
option public_key 'REDACTED'
config wireguard_wg0
option description 'Moto One Action de Liz'
option preshared_key 'REDACTED'
list allowed_ips '10.0.5.4/32'
# Same overlapping /64 as the first peer.
list allowed_ips 'fd2d:a278:3852::4/64'
option endpoint_port '51820'
option persistent_keepalive '25'
option public_key 'REDACTED'
config wireguard_wg0
option description 'Liz-PC'
option public_key 'REDACTED'
option preshared_key 'REDACTED'
list allowed_ips '10.0.5.5/32'
# Same overlapping /64 as the first peer.
list allowed_ips 'fd2d:a278:3852::5/64'
option endpoint_port '51820'
option persistent_keepalive '25'
config wireguard_wg0
option description 'Moto One Action de Celia'
option preshared_key 'REDACTED'
list allowed_ips '10.0.5.6/32'
# Last entry for the shared /64: per `wg show`, this peer ends up holding it.
list allowed_ips 'fd2d:a278:3852::6/64'
option endpoint_port '51820'
option persistent_keepalive '25'
option public_key 'REDACTED'
config interface 'Zerotier'
option proto 'none'
option device 'ztrta4adry'
# Client-side WireGuard tunnel; its single peer ('us240-wireguard') follows.
config interface 'wg_usa'
option proto 'wireguard'
# Secret key material: keep it redacted whenever this file is shared.
option private_key 'REDACTED'
list addresses 'REDACTED'
list addresses 'REDACTED'
# DNS for this interface is set by hand (peerdns '0', dns 10.64.0.1).
# NOTE(review): dnsmasq in the /etc/config/dhcp dump on this page runs with
# noresolv '1' and explicit 'list server' entries (127.0.0.1#1054, ::1#1054),
# so this resolver is presumably not the one LAN clients end up using. If the
# goal is to keep lookups inside the tunnel, confirm where DNS really leaves
# the router.
option peerdns '0'
list dns '10.64.0.1'
# Upstream VPN server for wg_usa.
# NOTE(review): allowed_ips 0.0.0.0/0 and ::0/0 together with
# route_allowed_ips '1' ask for routes covering all destinations via wg_usa,
# i.e. default routes through the tunnel. The firewall config on this page
# also keeps a lan -> wan forwarding, so nothing there stops LAN traffic from
# leaving over plain WAN when the tunnel route is missing. Remove that
# forwarding (or policy-route selected hosts) if fail-closed is intended.
config wireguard_wg_usa
option description 'us240-wireguard'
option public_key 'REDACTED'
list allowed_ips '0.0.0.0/0'
list allowed_ips '::0/0'
option route_allowed_ips '1'
option endpoint_host '96.44.189.98'
option endpoint_port '51820'
option persistent_keepalive '25'
/etc/config/dhcp
# Main dnsmasq section; it continues past these options with the ipset lists
# and the upstream 'list server' entries.
config dnsmasq
option domainneeded '1'
# Do not read upstream resolvers from a resolv file; only the 'list server'
# entries at the end of this section (127.0.0.1#1054, ::1#1054) are used.
option noresolv '1'
option port '53'
option localise_queries '1'
# DNS-rebinding defence: discard upstream answers that point into private
# ranges. rebind_localhost '1' makes an exception for 127.0.0.0/8 answers.
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option logdhcp '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
# Only answer DNS clients on directly attached subnets. NOTE(review): the
# firewall dump on this page redirects wan port 53 to the router, so this
# option may be the only thing refusing internet clients — do not rely on it.
option localservice '1'
option ednspacket_max '1232'
option dnsforwardmax '2300'
option min_cache_ttl '270'
option cachesize '5000'
list address '/router/192.168.1.1'
option sequential_ip '1'
# DNSSEC validation is switched on.
option dnssec '1'
option allservers '1'
option confdir '/tmp/dnsmasq.d'
# TFTP has no authentication or integrity protection: whatever sits under
# /usbstick/tftp is readable by any host that can reach the service.
# NOTE(review): keep only boot files there and confirm the service is not
# reachable from the wan, mesh or docker zones.
option enable_tftp '1'
option tftp_root '/usbstick/tftp'
list doh_backup_server '127.0.0.1#1053'
list doh_backup_server '::1#1053'
list ipset '/zoom.us/streaming,streaming6'
list ipset '/googlevideo.com/*.googlevideo.com/streaming,streaming6'
list ipset '/vevo.com/streaming,streaming6'
list ipset '/nflxvideo.net/streaming,streaming6'
list ipset '/netflix.com/streaming,streaming6'
list ipset '/nflxso.net/streaming,streaming6'
list ipset '/nflximg.com/streaming,streaming6'
list ipset '/s3.ll.dash.row.aiv-cdn.net/d25xi40x97liuc.cloudfront.net/aiv-delivery.net/streaming,streaming6'
list ipset '/fbcdn.net/streaming,streaming6'
list ipset '/ttvnw.net/streaming,streaming6'
list ipset '/audio-fa.scdn.cot/streaming,streaming6'
list ipset '/deezer.com/streaming,streaming6'
list ipset '/sndcdn.com/streaming,streaming6'
list ipset '/last.fm/streaming,streaming6'
list ipset '/v.redd.it/streaming,streaming6'
list ipset '/iview.abc.net.au/streaming,streaming6'
list ipset '/play.stan.com.au/streaming,streaming6'
list ipset '/disneyplus.com/streaming,streaming6'
list ipset '/cloudfront.net/streaming,streaming6'
list ipset '/aiv-cdn.net/r.cloudfront.net/aiv-delivery.net/streaming,streaming6'
list ipset '/vs-dash-uk-live.akamaized.net/streaming,streaming6'
list ipset '/cdn.bllon.isp.sky.com/live.bidi.net.uk/streaming,streaming6'
list ipset '/ssl-bbcdotcom.2cnt.net/streaming,streaming6'
list ipset '/millicast.com/streaming,streaming6'
list ipset '/xirsys.com/streaming,streaming6'
list ipset '/googletagmanager.com/googleusercontent.com/*.googleusercontent.com/google.com/fbcdn.net/*.fbcdn.net/akamaihd.net/*.akamaihd.net/whatsapp.net/*.whatsapp.net/whatsapp.com/*.whatsapp.com/www-cdn.whatsapp.net/googleapis.com/*.googleapis.com/ucy.ac.cy/1e100.net/hwcdn.net/usrcdn,usrcdn6'
list ipset '/akamai.net/usrcdn,usrcdn6'
list ipset '/download.qq.com/bulk,bulk6'
list ipset '/steamcontent.com/bulk,bulk6'
list ipset '/gs2.ww.prod.dl.playstation.net/bulk,bulk6'
list ipset '/dropbox.com/dropboxstatic.com/dropbox-dns.com/log.getdropbox.com/bulk,bulk6'
list ipset '/drive.google.com/drive-thirdparty.googleusercontent.com/bulk,bulk6'
list ipset '/1drv.ms/bulk,bulk6'
list ipset '/1drv.com/bulk,bulk6'
list ipset '/docs.google.com/docs.googleusercontent.com/bulk,bulk6'
list ipset '/gvt1.com/bulk,bulk6'
list ipset '/mmg-fna.whatsapp.net/bulk,bulk6'
list ipset '/upload.youtube.com/upload.video.google.com/bulk,bulk6'
list ipset '/windowsupdate.com/update.microsoft.com/bulk,bulk6'
list ipset '/ms-acdc.office.com/bulk,bulk6'
list ipset '/graph.microsoft.com/bulk,bulk6'
list ipset '/web.whatsapp.com/bulk,bulk6'
list ipset '/*.fastly.net/bulk,bulk6'
list ipset '/downloads.openwrt.org/bulk,bulk6'
list ipset '/*.cdn.openwrt.org/bulk,bulk6'
list ipset '/gvt1.com/gvt2.com/android.clients.google.com/clients1.google.com/clients2.google.com/clients3.google.com/clients4.google.com/clients5.google.com/clients6.google.com/play.googleapis.com/bulk,bulk6'
list ipset '/assetcdn.101.arenanetworks.com/gamecache4,gamecache6'
list ipset '/assetcdn.102.arenanetworks.com/gamecache4,gamecache6'
list ipset '/assetcdn.103.arenanetworks.com/gamecache4,gamecache6'
list ipset '/live.patcher.bladeandsoul.com/gamecache4,gamecache6'
list ipset '/dist.blizzard.com/gamecache4,gamecache6'
list ipset '/dist.blizzard.com.edgesuite.net/gamecache4,gamecache6'
list ipset '/llnw.blizzard.com/gamecache4,gamecache6'
list ipset '/edgecast.blizzard.com/gamecache4,gamecache6'
list ipset '/blizzard.vo.llnwd.net/gamecache4,gamecache6'
list ipset '/blzddist1-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/blzddist2-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/blzddist3-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/blzddist4-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/level3.blizzard.com/gamecache4,gamecache6'
list ipset '/nydus.battle.net/gamecache4,gamecache6'
list ipset '/edge.blizzard.top.comcast.net/gamecache4,gamecache6'
list ipset '/cdn.blizzard.com/gamecache4,gamecache6'
list ipset '/cdn-11.eft-store.com/gamecache4,gamecache6'
list ipset '/cl-453343cd.gcdn.co/gamecache4,gamecache6'
list ipset '/cdn.homecomingservers.com/gamecache4,gamecache6'
list ipset '/nsa.tools/gamecache4,gamecache6'
list ipset '/pls.patch.daybreakgames.com/gamecache4,gamecache6'
list ipset '/cdn1.epicgames.com/gamecache4,gamecache6'
list ipset '/cdn.unrealengine.com/gamecache4,gamecache6'
list ipset '/cdn1.unrealengine.com/gamecache4,gamecache6'
list ipset '/cdn2.unrealengine.com/gamecache4,gamecache6'
list ipset '/cdn3.unrealengine.com/gamecache4,gamecache6'
list ipset '/download.epicgames.com/gamecache4,gamecache6'
list ipset '/download2.epicgames.com/gamecache4,gamecache6'
list ipset '/download3.epicgames.com/gamecache4,gamecache6'
list ipset '/download4.epicgames.com/gamecache4,gamecache6'
list ipset '/epicgames-download1.akamaized.net/gamecache4,gamecache6'
list ipset '/cdn.zaonce.net/gamecache4,gamecache6'
list ipset '/hirez.http.internapcdn.net/gamecache4,gamecache6'
list ipset '/level3.nwhttppatch.crypticstudios.com/gamecache4,gamecache6'
list ipset '/filedelivery.nexusmods.com/gamecache4,gamecache6'
list ipset '/ccs.cdn.wup.shop.nintendo.com/gamecache4,gamecache6'
list ipset '/ccs.cdn.wup.shop.nintendo.net/gamecache4,gamecache6'
list ipset '/ccs.cdn.wup.shop.nintendo.net.edgesuite.net/gamecache4,gamecache6'
list ipset '/geisha-wup.cdn.nintendo.net/gamecache4,gamecache6'
list ipset '/geisha-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
list ipset '/idbe-wup.cdn.nintendo.net/gamecache4,gamecache6'
list ipset '/idbe-wup.cdn.nintendo.net.edgekey.net/gamecache4,gamecache6'
list ipset '/ecs-lp1.hac.shop.nintendo.net/gamecache4,gamecache6'
list ipset '/receive-lp1.dg.srv.nintendo.net/gamecache4,gamecache6'
list ipset '/*.wup.eshop.nintendo.net/gamecache4,gamecache6'
list ipset '/*.hac.lp1.d4c.nintendo.net/gamecache4,gamecache6'
list ipset '/*.hac.lp1.eshop.nintendo.net/gamecache4,gamecache6'
list ipset '/origin-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/lvlt.cdn.ea.com/gamecache4,gamecache6'
list ipset '/rxp-lv.cncirc.net/gamecache4,gamecache6'
list ipset '/cronub.fairplayinc.uk/gamecache4,gamecache6'
list ipset '/amirror.tyrant.gg/gamecache4,gamecache6'
list ipset '/mirror.usa.tyrant.gg/gamecache4,gamecache6'
list ipset '/renx.b-cdn.net/gamecache4,gamecache6'
list ipset '/l3cdn.riotgames.com/gamecache4,gamecache6'
list ipset '/worldwide.l3cdn.riotgames.com/gamecache4,gamecache6'
list ipset '/riotgamespatcher-a.akamaihd.net/gamecache4,gamecache6'
list ipset '/riotgamespatcher-a.akamaihd.net.edgesuite.net/gamecache4,gamecache6'
list ipset '/*.dyn.riotcdn.net/gamecache4,gamecache6'
list ipset '/patches.rockstargames.com/gamecache4,gamecache6'
list ipset '/gs2.ww.prod.dl.playstation.net/gamecache4,gamecache6'
list ipset '/gs2.sonycoment.loris-e.llnwd.net/gamecache4,gamecache6'
list ipset '/patch-dl.ffxiv.com/gamecache4,gamecache6'
list ipset '/lancache.steamcontent.com/gamecache4,gamecache6'
list ipset '/*.content.steampowered.com/gamecache4,gamecache6'
list ipset '/content1.steampowered.com/gamecache4,gamecache6'
list ipset '/content2.steampowered.com/gamecache4,gamecache6'
list ipset '/content3.steampowered.com/gamecache4,gamecache6'
list ipset '/content4.steampowered.com/gamecache4,gamecache6'
list ipset '/content5.steampowered.com/gamecache4,gamecache6'
list ipset '/content6.steampowered.com/gamecache4,gamecache6'
list ipset '/content7.steampowered.com/gamecache4,gamecache6'
list ipset '/content8.steampowered.com/gamecache4,gamecache6'
list ipset '/cs.steampowered.com/gamecache4,gamecache6'
list ipset '/steamcontent.com/gamecache4,gamecache6'
list ipset '/client-download.steampowered.com/gamecache4,gamecache6'
list ipset '/*.hsar.steampowered.com.edgesuite.net/gamecache4,gamecache6'
list ipset '/*.akamai.steamstatic.com/gamecache4,gamecache6'
list ipset '/content-origin.steampowered.com/gamecache4,gamecache6'
list ipset '/clientconfig.akamai.steamtransparent.com/gamecache4,gamecache6'
list ipset '/steampipe.akamaized.net/gamecache4,gamecache6'
list ipset '/edgecast.steamstatic.com/gamecache4,gamecache6'
list ipset '/steam.apac.qtlglb.com.mwcloudcdn.com/gamecache4,gamecache6'
list ipset '/*.cm.steampowered.com/gamecache4,gamecache6'
list ipset '/cdn1-sea1.valve.net/gamecache4,gamecache6'
list ipset '/cdn2-sea1.valve.net/gamecache4,gamecache6'
list ipset '/*.steam-content-dnld-1.apac-1-cdn.cqloud.com/gamecache4,gamecache6'
list ipset '/*.steam-content-dnld-1.eu-c1-cdn.cqloud.com/gamecache4,gamecache6'
list ipset '/steam.apac.qtlglb.com/gamecache4,gamecache6'
list ipset '/edge.steam-dns.top.comcast.net/gamecache4,gamecache6'
list ipset '/edge.steam-dns-2.top.comcast.net/gamecache4,gamecache6'
list ipset '/steam.naeu.qtlglb.com/gamecache4,gamecache6'
list ipset '/steampipe-kr.akamaized.net/gamecache4,gamecache6'
list ipset '/steam.ix.asn.au/gamecache4,gamecache6'
list ipset '/steam.eca.qtlglb.com/gamecache4,gamecache6'
list ipset '/steam.cdn.on.net/gamecache4,gamecache6'
list ipset '/update5.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update2.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update6.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update3.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update1.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update4.dota2.wmsj.cn/gamecache4,gamecache6'
list ipset '/update5.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/update2.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/update4.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/update3.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/update6.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/update1.csgo.wmsj.cn/gamecache4,gamecache6'
list ipset '/st.dl.bscstorage.net/gamecache4,gamecache6'
list ipset '/cdn.mileweb.cs.steampowered.com.8686c.com/gamecache4,gamecache6'
list ipset '/live.patcher.elderscrollsonline.com/gamecache4,gamecache6'
list ipset '/d3rmjivj4k4f0t.cloudfront.net/gamecache4,gamecache6'
list ipset '/addons.forgesvc.net/gamecache4,gamecache6'
list ipset '/media.forgecdn.net/gamecache4,gamecache6'
list ipset '/files.forgecdn.net/gamecache4,gamecache6'
list ipset '/*.cdn.ubi.com/gamecache4,gamecache6'
list ipset '/content.warframe.com/gamecache4,gamecache6'
list ipset '/dl1.wargaming.net/gamecache4,gamecache6'
list ipset '/dl2.wargaming.net/gamecache4,gamecache6'
list ipset '/wg.gcdn.co/gamecache4,gamecache6'
list ipset '/wgusst-na.wargaming.net/gamecache4,gamecache6'
list ipset '/wgusst-eu.wargaming.net/gamecache4,gamecache6'
list ipset '/update-v4r4h10x.worldofwarships.com/gamecache4,gamecache6'
list ipset '/wgus-wotasia.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wot-ak.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wot-gc.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wot-se.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wot-cdx.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wows-ak.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wows-gc.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wows-se.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wows-cdx.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wowp-ak.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wowp-gc.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wowp-se.wargaming.net/gamecache4,gamecache6'
list ipset '/dl-wowp-cdx.wargaming.net/gamecache4,gamecache6'
list ipset '/*.windowsupdate.com/gamecache4,gamecache6'
list ipset '/windowsupdate.com/gamecache4,gamecache6'
list ipset '/*.dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
list ipset '/dl.delivery.mp.microsoft.com/gamecache4,gamecache6'
list ipset '/*.update.microsoft.com/gamecache4,gamecache6'
list ipset '/*.do.dsp.mp.microsoft.com/gamecache4,gamecache6'
list ipset '/*.microsoft.com.edgesuite.net/gamecache4,gamecache6'
list ipset '/amupdatedl.microsoft.com/gamecache4,gamecache6'
list ipset '/amupdatedl2.microsoft.com/gamecache4,gamecache6'
list ipset '/amupdatedl3.microsoft.com/gamecache4,gamecache6'
list ipset '/amupdatedl4.microsoft.com/gamecache4,gamecache6'
list ipset '/amupdatedl5.microsoft.com/gamecache4,gamecache6'
list ipset '/assets1.xboxlive.com/gamecache4,gamecache6'
list ipset '/assets2.xboxlive.com/gamecache4,gamecache6'
list ipset '/dlassets.xboxlive.com/gamecache4,gamecache6'
list ipset '/xboxone.loris.llnwd.net/gamecache4,gamecache6'
list ipset '/xboxone.vo.llnwd.net/gamecache4,gamecache6'
list ipset '/xbox-mbr.xboxlive.com/gamecache4,gamecache6'
list ipset '/assets1.xboxlive.com.nsatc.net/gamecache4,gamecache6'
list ipset '/xvcf1.xboxlive.com/gamecache4,gamecache6'
list server '127.0.0.1#1054'
list server '::1#1054'
config boot 'linux'
option filename 'pxelinux.0'
option serveraddress '192.168.1.1'
option servername 'router'
list dhcp_option '209,pxelinux.cfg/default'
option force '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
/etc/config/firewall
# Global fallback policy for traffic that no zone claims.
# NOTE(review): a second 'config defaults' section with input/output/forward
# all set to REJECT appears further down this file. Two defaults sections are
# ambiguous (which one is honoured depends on the firewall implementation),
# so keep a single section and check the effective policy in the generated
# ruleset.
config defaults
# ACCEPT means packets addressed to the router from an interface that belongs
# to no zone are let in; REJECT or DROP is the safer fallback.
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
# Trusted zone: everything is accepted to the router and between members.
config zone 'lan'
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# NOTE(review): the WireGuard server interface shares this zone, so a remote
# peer (or anyone holding a peer's keys) has full LAN and router access. A
# separate zone with explicit forwardings limits the impact of a lost device.
list network 'wg0'
config zone 'wan'
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan_6'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config zone
option name 'vpnzone'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
list network 'VPN_USA'
list network 'wg_usa'
config forwarding
option src 'lan'
option dest 'vpnzone'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
option reload '1'
# Zone for the docker0 bridge (network 'docker').
# NOTE(review): input ACCEPT lets every container reach every service on the
# router itself. If containers face the internet through the port forwards
# in this file, consider input REJECT plus explicit rules for what they need
# (DNS, for instance).
config zone 'docker'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option name 'docker'
list network 'docker'
# NOTE(review): src_port matches the client's source port, which is normally an
# ephemeral port rather than 81, so this rule presumably matches almost
# nothing. The same src_port == dest_port pattern recurs in the RClone-GUI,
# HomeAssistant, Tautulli, PiHole-Admin, Transmission-GUI, NGINXPM-DB and
# Adguard-Admin rules. Dropping src_port and adding an explicit proto states
# the intent; also note 172.18.0.2 lies outside the lan subnet
# (192.168.1.0/24) that 'dest' names.
config rule
option name 'AllowNGINXPMAdmin'
option src_port '81'
option dest 'lan'
option dest_port '81'
option target 'ACCEPT'
option src 'lan'
list dest_ip '172.18.0.2'
config redirect
option target 'DNAT'
option name 'RProxy-Admin'
option src 'lan'
option src_dport '81'
option dest 'lan'
option dest_port '81'
option dest_ip '172.18.0.2'
# Internet-facing port forwards: wan:80 and wan:443 go to the reverse proxy at
# 172.18.0.2. NOTE(review): neither section sets proto, so presumably both TCP
# and UDP are forwarded; `option proto 'tcp'` narrows this unless UDP is
# wanted on 443. 'dest' names the lan zone while 172.18.0.2 is outside the lan
# subnet (192.168.1.0/24) — confirm the zone matches where the host lives.
config redirect
option target 'DNAT'
option name 'RProxy'
option src 'wan'
option src_dport '80'
option dest 'lan'
option dest_port '80'
option dest_ip '172.18.0.2'
config redirect
option target 'DNAT'
option name 'RProxy-SSL'
option src 'wan'
option src_dport '443'
option dest 'lan'
option dest_port '443'
option dest_ip '172.18.0.2'
# Internet-facing: wan:853 is DNAT'ed to the router's own address (the name
# says AdGuard Home DNS-over-TLS).
# NOTE(review): unless the resolver restricts clients itself, this is a DNS
# service usable by anyone on the internet; confirm that is intended and set a
# client allow-list in the resolver. DoT runs over TCP, so 'tcp udp' is wider
# than needed.
config redirect 'adblock_wan853'
option src 'wan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
option name 'AGH DNS over TLS'
option dest 'lan'
option dest_ip '192.168.1.1'
# Same exposure for DNS-over-QUIC on port 784. NOTE(review): no proto is set,
# so presumably TCP and UDP are both forwarded; QUIC needs UDP only.
config redirect
option target 'DNAT'
option name 'AGH DNS over QUIC'
option src 'wan'
option src_dport '784'
option dest 'lan'
option dest_ip '192.168.1.1'
option dest_port '784'
config rule
option name 'RClone-GUI'
option src 'lan'
option src_port '5572'
option dest 'lan'
option dest_port '5572'
option target 'ACCEPT'
list dest_ip '192.168.1.1'
list dest_ip 'fd04:52a5:a38a::1'
config rule
option name 'HomeAssistant'
option src 'lan'
option src_port '8123'
option dest 'lan'
option dest_port '8123'
option target 'ACCEPT'
list dest_ip '192.168.1.1'
list dest_ip 'fd04:52a5:a38a::1'
config rule
option name 'Allow-NFS-RPC'
option src 'lan'
option proto 'tcp udp'
option dest_port '111'
option target 'ACCEPT'
config rule
option name 'Allow-NFS'
option src 'lan'
option proto 'tcp udp'
option dest_port '2049'
option target 'ACCEPT'
config rule
option name 'Allow-NFS-Lock'
option src 'lan'
option proto 'tcp udp'
option dest_port '32777:32780'
option target 'ACCEPT'
config rule
option name 'Tautulli'
option src 'lan'
option src_port '8181'
option dest 'lan'
list dest_ip '172.18.0.5'
option dest_port '8181'
option target 'ACCEPT'
config rule
option name 'PiHole-Admin'
option src_port '82'
option dest 'lan'
option dest_port '82'
option target 'ACCEPT'
option src 'lan'
list dest_ip '192.168.1.1'
list dest_ip 'fd04:52a5:a38a::1'
config nat
option name 'PiHole-DNAT'
list proto 'tcp'
list proto 'udp'
list proto 'icmp'
option src 'lan'
option dest_ip '192.168.0.2'
option dest_port '80'
option target 'SNAT'
option snat_ip '192.168.1.1'
option snat_port '82'
config rule
option name 'Transmission-GUI'
option src 'lan'
option dest 'lan'
option target 'ACCEPT'
list dest_ip '192.168.1.1'
list dest_ip 'fd04:52a5:a38a::1'
option src_port '9091'
option dest_port '9091'
config rule
option name 'NGINXPM-DB'
option src 'lan'
list src_ip '172.18.0.2'
option src_port '3306'
option dest 'lan'
list dest_ip '172.18.0.3'
option dest_port '3306'
option target 'ACCEPT'
# NOTE(review): src is 'wan', so this rule accepts forwarding from the internet
# to an admin interface on 172.18.0.6 / 2001:3984:3989::6. It is narrowed only
# by src_port '82', which matches the client's source port and presumably
# makes the rule match almost nothing. Do not "fix" it by removing src_port
# without also changing src to a trusted zone; admin UIs are better reached
# from lan or through the WireGuard tunnel.
config rule
option name 'Adguard-Admin'
option src 'wan'
option src_port '82'
option dest 'lan'
option dest_port '82'
option target 'ACCEPT'
list dest_ip '172.18.0.6'
list dest_ip '2001:3984:3989::6'
# Accepts WireGuard handshakes from the internet on the wg0 listen port. The
# rule has no 'dest', so it applies to traffic addressed to the router.
# NOTE(review): WireGuard uses UDP only; the 'tcp' entry opens TCP 51820 on the
# WAN side for no benefit and can be removed. The name says '-lan' although
# src is 'wan'.
config rule 'wg'
option dest_port '51820'
option target 'ACCEPT'
option name 'Allow-WireGuard-lan'
list proto 'tcp'
list proto 'udp'
option src 'wan'
# NOTE(review): second 'config defaults' section. The file already opens with
# one (input ACCEPT, output ACCEPT, forward REJECT). The two contradict each
# other and which one takes effect depends on the firewall implementation, so
# merge them into a single section. If this one were applied, output REJECT
# would apply to router-originated traffic that no zone covers; confirm that
# is intended before keeping it.
config defaults
option input 'REJECT'
option output 'REJECT'
option forward 'REJECT'
config rule
option name 'Allow-ZeroTier-Inbound'
list proto 'udp'
option src 'wan'
option dest_port '9993'
option target 'ACCEPT'
# ZeroTier overlay zone: fully trusted (input/forward ACCEPT) and masqueraded.
# NOTE(review): any member of the ZeroTier network can reach every service on
# the router; confirm who is allowed to join that network.
config zone
option name 'mesh'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
list network 'Zerotier'
# Overlay members may reach the LAN.
config forwarding
option src 'mesh'
option dest 'lan'
# Overlay members may use this router as an internet exit.
config forwarding
option src 'mesh'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'mesh'
# NOTE(review): wan -> mesh lets traffic arriving from the internet be forwarded
# into the ZeroTier network, which the wan zone's forward REJECT would
# otherwise stop. Replies to mesh -> wan connections are already handled by
# connection tracking, so this forwarding is presumably not needed.
config forwarding
option src 'wan'
option dest 'mesh'
config redirect 'adblock_docker53'
option name 'Adblock DNS (docker, 53)'
option src 'docker'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_docker853'
option name 'Adblock DNS (docker, 853)'
option src 'docker'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_docker5353'
option name 'Adblock DNS (docker, 5353)'
option src 'docker'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
config redirect 'adblock_lan53'
option name 'Adblock DNS (lan, 53)'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_lan853'
option name 'Adblock DNS (lan, 853)'
option src 'lan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_lan5353'
option name 'Adblock DNS (lan, 5353)'
option src 'lan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
config redirect 'adblock_vpnzone53'
option name 'Adblock DNS (vpnzone, 53)'
option src 'vpnzone'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_vpnzone853'
option name 'Adblock DNS (vpnzone, 853)'
option src 'vpnzone'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_vpnzone5353'
option name 'Adblock DNS (vpnzone, 5353)'
option src 'vpnzone'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
# NOTE(review): src is 'wan' and there is no dest_ip, so DNS arriving from the
# internet on port 53 is presumably redirected to the router's own resolver.
# That exposes the resolver to outside queries (open-resolver and
# amplification abuse). dnsmasq's localservice '1' may refuse non-local
# clients, but it should not be the only barrier. The adblock_* sections look
# generated by a force-local-DNS feature; presumably 'wan' should be taken out
# of that feature's zone list rather than editing these sections by hand.
config redirect 'adblock_wan53'
option name 'Adblock DNS (wan, 53)'
option src 'wan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
# Same exposure on port 5353.
config redirect 'adblock_wan5353'
option name 'Adblock DNS (wan, 5353)'
option src 'wan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
wg show
interface: wg0
public key: REDACTED
private key: (hidden)
listening port: 51820
peer: REDACTED
preshared key: (hidden)
allowed ips: 10.0.5.2/32
persistent keepalive: every 25 seconds
peer: REDACTED
preshared key: (hidden)
allowed ips: 10.0.5.3/32
persistent keepalive: every 25 seconds
peer: REDACTED
preshared key: (hidden)
allowed ips: 10.0.5.4/32
persistent keepalive: every 25 seconds
peer: REDACTED
preshared key: (hidden)
allowed ips: 10.0.5.5/32
persistent keepalive: every 25 seconds
peer: REDACTED
preshared key: (hidden)
allowed ips: 10.0.5.6/32, fd2d:a278:3852::/64
persistent keepalive: every 25 seconds
interface: wg_usa
public key: REDACTED
private key: (hidden)
listening port: 59327