[Solved] Safely and permanently open LuCI 443 and SSH to WAN

I was afraid that opening uHTTPd to the internet might not be a good idea. Tunneling through SSH would be acceptable (already using SSH keys with non standard Port, unfortunately no ed25519 as dropbear doesn's support it), but building a whole VPN PKI from scratch is bit much.

So I've to wright a rule in /etc/config/firewall or is it possible to do this via LuCI? In LuCI there is Port Forwards, Traffic Rules, NAT rules and Custom Rules.

FYI I'm using this build.