Working rules are below; you can compare and find the difference:
```
# Reject input to the router by default.
# @zone[0] is the first zone section (assumed to be lan, as in the default config).
uci set firewall.@zone[0].input="REJECT"
# Allow the LuCI web interface from lan
uci set firewall.luci="rule"
uci set firewall.luci.name="luci"
uci set firewall.luci.src="lan"
uci set firewall.luci.dest_port="80 443"
uci set firewall.luci.proto="tcp"
uci set firewall.luci.target="ACCEPT"
# Allow SSH from lan
uci set firewall.ssh="rule"
uci set firewall.ssh.name="ssh"
uci set firewall.ssh.src="lan"
uci set firewall.ssh.dest_port="22"
uci set firewall.ssh.proto="tcp"
uci set firewall.ssh.target="ACCEPT"
# Allow DHCPv4 requests from lan
uci set firewall.dhcp="rule"
uci set firewall.dhcp.name="dhcp"
uci set firewall.dhcp.src="lan"
uci set firewall.dhcp.dest_port="67"
uci set firewall.dhcp.family="ipv4"
uci set firewall.dhcp.proto="udp"
uci set firewall.dhcp.target="ACCEPT"
# Allow DHCPv6 requests from lan
uci set firewall.dhcp6="rule"
uci set firewall.dhcp6.name="dhcp6"
uci set firewall.dhcp6.src="lan"
uci set firewall.dhcp6.dest_port="547"
uci set firewall.dhcp6.family="ipv6"
uci set firewall.dhcp6.proto="udp"
uci set firewall.dhcp6.target="ACCEPT"
service firewall restart
# Reconnect and test, then save
uci commit firewall
```
It is applied only for those interfaces which are not assigned to firewall zones.
It helps to prevent soft lock if your network configuration changes.
This rule that accepts input applies to the incoming traffic destined to the router itself.
So, if the DHCP server is different than the router, but within the broadcast domain of the LAN, you cannot drop the packets like this.
If it is on a different broadcast domain, then you need to do some routing and also enable DHCP relay. Still, you need to add any rules in the Forward chain, which is exactly for traffic traversing the router.
Finally, have you disabled the built-in DHCP server of OpenWrt?
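A pre-commit lockout check for the rule set discussed in this thread, as an added example that is not part of any post: it reads `uci show firewall` text and lists the lan ports (22, 80, 443, 67, 547) that no ACCEPT rule from lan covers once zone input is REJECT. The names `missing_lan_ports`, `sample_config` and `REQUIRED` are hypothetical, and the sample configuration is constructed.

```sh
# Added example: list required lan ports that no ACCEPT rule from lan covers.
# Input on stdin is `uci show firewall` text. Port ranges are not expanded.
REQUIRED="tcp/22 tcp/80 tcp/443 udp/67 udp/547"  # ports from the rules above

missing_lan_ports() {
    awk -v required="$REQUIRED" -v q="'" '
    function has(list, item,    n, a, i) {
        n = split(list, a, " ")
        for (i = 1; i <= n; i++) if (a[i] == item) return 1
        return 0
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(q, "", val)                 # uci show wraps values in single quotes
        if (split(key, part, ".") == 3) opt[part[2], part[3]] = val
        if (part[2] != "") seen[part[2]] = 1
    }
    END {
        m = split(required, want, " ")
        for (i = 1; i <= m; i++) {
            split(want[i], pp, "/")
            ok = 0
            for (s in seen)
                if (opt[s, "src"] == "lan" && opt[s, "target"] == "ACCEPT" &&
                    has(opt[s, "proto"], pp[1]) && has(opt[s, "dest_port"], pp[2]))
                    ok = 1
            if (!ok) print want[i]
        }
    }'
}

# Constructed sample: the ssh rule has the wrong proto and the DHCP rules are absent.
sample_config() {
    cat <<'EOF'
firewall.luci=rule
firewall.luci.src='lan'
firewall.luci.dest_port='80 443'
firewall.luci.proto='tcp'
firewall.luci.target='ACCEPT'
firewall.ssh=rule
firewall.ssh.src='lan'
firewall.ssh.dest_port='22'
firewall.ssh.proto='udp'
firewall.ssh.target='ACCEPT'
EOF
}
```

On the router, `uci show firewall | missing_lan_ports` should print nothing before you restart the firewall; any line it prints is a service you would lose access to from lan.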