/etc/config/firewall
# Global firewall defaults: chain policies for traffic that no zone claims.
# NOTE(review): with input 'ACCEPT' as the fallback, an interface that is not
# attached to any zone would leave router-local services reachable on it.
# Keep every interface in a zone, or tighten this default.
config defaults
	# SYN-flood protection switched on.
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
# Trusted LAN zone: traffic to the router, from the router and between
# interfaces inside the zone is all accepted.
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

# Upstream zone covering both the IPv4 ('wan') and IPv6 ('wan6') interfaces.
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	# Traffic addressed to the router is rejected unless a rule accepts it.
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# Masquerade traffic that leaves through this zone.
	option masq '1'
	# Clamp the TCP MSS for traffic crossing this zone.
	option mtu_fix '1'

# LAN hosts may open connections towards the wan zone.
config forwarding
	option src 'lan'
	option dest 'wan'
# The rules in this group name a source zone but no 'dest', so they apply to
# traffic addressed to the router itself.

# Let DHCP replies (UDP port 68) reach the router's WAN-side DHCP client.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# The router answers IPv4 echo requests arriving from the wan zone.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept IGMP from the wan zone (IPv4 multicast group management).
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# Accept DHCPv6 replies (UDP port 546) when both source and destination
# addresses fall inside fc00::/6.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'
# Accept Multicast Listener Discovery messages (ICMPv6 types 130, 131, 132
# and 143) from link-local senders on the wan zone.
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 addressed to the router itself: error messages, echo and neighbour /
# router discovery. The rule is rate limited to 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 forwarded from the wan zone to any other zone (dest '*'): echo and
# error messages only, with the same rate limit. No discovery types are listed.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'
# The next two rules forward IPsec traffic (ESP, and IKE on UDP port 500) from
# the wan zone to any host in the lan zone. No 'family' is set on either rule.
# NOTE(review): if no LAN host terminates IPsec, removing both rules shrinks
# what the WAN side can reach, mainly over IPv6 where LAN hosts are not hidden
# behind masquerading. Confirm before removing.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Pull in the custom firewall script. Its contents are not part of this
# listing, so any rules it adds have to be reviewed separately.
config include
	option path '/etc/firewall.user'
# Zone for the 'external' network, which the DNAT redirects in this file use
# as the destination for the published host 192.168.2.100.
# NOTE(review): input 'ACCEPT' lets every host in this zone reach all services
# listening on the router itself. For a segment holding an internet-facing
# server, input 'REJECT' plus explicit rules for what is needed (for example
# DHCP and DNS) limits what a compromised server can reach on the router.
config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'external'
	option name 'external'

# Guest zone.
# NOTE(review): the same concern applies here. With input 'ACCEPT', guest
# clients can talk to any router service, including management interfaces if
# they listen on this network. Confirm this is intended.
config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'guest'
	option network 'guest'

# Guests may open connections towards the wan zone. This section grants no
# guest -> lan forwarding.
config forwarding
	option dest 'wan'
	option src 'guest'
# Port forwards from the wan zone to the web host 192.168.2.100 in the
# 'external' zone.
# NOTE(review): both redirects match 'tcp udp'. HTTP on port 80 needs TCP only.
# UDP on 443 is needed only if the server speaks HTTP/3 (QUIC). Narrowing the
# protocol avoids forwarding traffic the server does not serve.

# WAN port 80 -> 192.168.2.100:80
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'external'
	option proto 'tcp udp'
	option src_dport '80'
	option dest_ip '192.168.2.100'
	option dest_port '80'
	option name 'http_external'

# WAN port 443 -> 192.168.2.100:443
config redirect
	option target 'DNAT'
	option src 'wan'
	option dest 'external'
	option src_dport '443'
	option dest_ip '192.168.2.100'
	option dest_port '443'
	option name 'https_external'
	option proto 'tcp udp'
# Second upstream zone ('wanb'), configured like 'wan': input and forward are
# rejected, and outgoing traffic is masqueraded with MSS clamping.
# NOTE(review): the Allow-* input rules elsewhere in this file name src 'wan'
# only, so none of them applies to traffic arriving on this zone.
config zone
	option forward 'REJECT'
	option output 'ACCEPT'
	option name 'wanb'
	option masq '1'
	option mtu_fix '1'
	option network 'wanb'
	option input 'REJECT'

# Guest and LAN hosts may also go out through the second uplink.
config forwarding
	option dest 'wanb'
	option src 'guest'

config forwarding
	option dest 'wanb'
	option src 'lan'

# Same web-server port forwards as for 'wan', this time for traffic arriving
# on 'wanb'. They also match 'tcp udp'.

# WANB port 80 -> 192.168.2.100:80
config redirect
	option target 'DNAT'
	option src 'wanb'
	option dest 'external'
	option src_dport '80'
	option dest_ip '192.168.2.100'
	option dest_port '80'
	option name 'http_external_b'
	option proto 'tcp udp'

# WANB port 443 -> 192.168.2.100:443
config redirect
	option target 'DNAT'
	option src 'wanb'
	option dest 'external'
	option src_dport '443'
	option dest_ip '192.168.2.100'
	option dest_port '443'
	option name 'https_external_b'
	option proto 'tcp udp'
# Zone for the 'vpn' network (tun0 in the network config on this page).
# Inbound traffic is rejected and outgoing traffic is masqueraded.
config zone
	option name 'zone_vpn'
	option network 'vpn'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'

# LAN hosts may send traffic out through zone_vpn. Nothing is forwarded from
# zone_vpn to other zones here, which presumably means an outbound VPN client
# tunnel. Confirm.
config forwarding
	option dest 'zone_vpn'
	option src 'lan'

# Zone for the 'vpn1' network (tun1), with the same policy as zone_vpn.
config zone
	option name 'zone_vpn1'
	option network 'vpn1'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'

# NOTE(review): the name says "Allow" but the target is 'REJECT', so UDP port
# 1194 towards the router is refused from every zone (src '*'). If the OpenVPN
# endpoint is meant to be closed, rename the rule so the next reader is not
# misled. If it is meant to be reachable, the target does not match that
# intent. Confirm which.
config rule
	option name 'Allow-OpenVPN'
	option target 'REJECT'
	option src '*'
	option proto 'udp'
	option dest_port '1194'

# Peers arriving through zone_vpn1 may reach the whole lan zone and the wan
# uplink.
config forwarding
	option dest 'lan'
	option src 'zone_vpn1'

config forwarding
	option dest 'wan'
	option src 'zone_vpn1'

# Hosts in 'external' may open connections to either uplink. No forwarding
# from 'external' to 'lan' is defined in this file.
config forwarding
	option dest 'wan'
	option src 'external'

config forwarding
	option dest 'wanb'
	option src 'external'
# Guests connecting to 192.168.1.100 on port 443 are redirected to the web
# host 192.168.2.100:443 in the 'external' zone. The matched address lies in
# the LAN range, but the traffic is rewritten to the 'external' host rather
# than forwarded into the lan zone.
# NOTE(review): 'tcp udp' is matched here as well. Narrow it to what the
# server actually serves.
config redirect
	option target 'DNAT'
	option src 'guest'
	option dest 'external'
	option src_dport '443'
	option dest_ip '192.168.2.100'
	option dest_port '443'
	option name 'guest_https_external'
	option proto 'tcp udp'
	option src_dip '192.168.1.100'
# Accept WireGuard handshakes and data on UDP port 51820, the listen_port of
# wg0 in the network config on this page.
# NOTE(review): src '*' opens the port from every zone, 'guest' and 'external'
# included. If peers only connect from the internet, naming the uplink zones
# is the narrower choice.
config rule 'wg'
	option name 'Allow-WireGuard'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'
	option src '*'

# WireGuard peers may go out to the internet through 'wan'.
config forwarding
	option dest 'wan'
	option src 'zone_vpn2'

# Zone for the wg0 interface. input 'REJECT' means peers cannot reach services
# on the router itself (for example its DNS resolver) unless a rule allows it.
config zone
	option name 'zone_vpn2'
	option network 'wg0'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# WireGuard peers may reach every host in the lan zone.
config forwarding
	option dest 'lan'
	option src 'zone_vpn2'
	option enabled '1'

# Disabled (enabled '0'): source-NAT for peer traffic entering the LAN,
# rewriting the source address to 192.168.1.189.
# NOTE(review): if this is enabled, LAN servers see every VPN client as that
# one address, so their logs and host firewalls can no longer tell peers apart.
# Allowing the tunnel subnet on the servers keeps that visibility.
# NOTE(review): this page does not assign 192.168.1.189 to the router (lan is
# 192.168.1.1). Confirm the address is owned by the router before relying on it.
# NOTE(review): proto is written 'tcpudp' here, while the other redirects use
# 'tcp udp'. Confirm both forms are accepted by the firewall version in use.
config redirect
	option name 'Wireguard SNAT Lan'
	option src 'zone_vpn2'
	option dest 'lan'
	option src_dip '192.168.1.189'
	option proto 'tcpudp'
	option target 'SNAT'
	option enabled '0'
/etc/config/network
# Loopback interface.
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# The ULA prefix is left empty.
config globals 'globals'
	option ula_prefix ''

# LAN bridge on VLAN interface eth0.1: 192.168.1.1/24, with a /60 of delegated
# IPv6 space assigned to it.
config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

# Primary uplink on eth0.2, addressed by DHCP. Its route metric of 10 is lower
# than the 20 set on 'wanb'.
config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'
	option metric '10'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'

# IPv6 on the same uplink via DHCPv6.
config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
# Built-in switch with VLANs enabled. Each VLAN below pairs port 0, tagged
# ('0t'), with one untagged port. Port 0 is presumably the CPU port. Confirm
# for this hardware.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# VLAN 1 (eth0.1, used by 'lan'): port 2
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '0t 2'

# VLAN 2 (eth0.2, used by 'wan' and 'wan6'): port 1
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option vid '2'
	option ports '0t 1'

# VLAN 3 (eth0.3, used by 'external'): port 3
config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '0t 3'

# VLAN 4 (eth0.4, used by 'guest'): port 4
config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '0t 4'
# Segment for the published web host: 192.168.2.1/24 on eth0.3.
config interface 'external'
	option proto 'static'
	option ifname 'eth0.3'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

# Guest segment: 192.168.3.1/24, bridged on eth0.4.
config interface 'guest'
	option proto 'static'
	option ifname 'eth0.4'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	option type 'bridge'

# VLAN 5 (eth0.5, used by 'wanb'): port 5
config switch_vlan
	option device 'switch0'
	option vlan '5'
	option vid '5'
	option ports '0t 5'

# Second uplink on eth0.5, addressed by DHCP, with route metric 20.
config interface 'wanb'
	option ifname 'eth0.5'
	option proto 'dhcp'
	option metric '20'
# Unmanaged interfaces (proto 'none') for the tun0 and tun1 tunnel devices.
# They exist so the firewall zones can refer to them.
config interface 'vpn'
	option proto 'none'
	option ifname 'tun0'

config interface 'vpn1'
	option proto 'none'
	option ifname 'tun1'
	option auto '1'

# WireGuard interface listening on UDP 51820, with tunnel addresses
# 192.168.9.1/24 and fdf1:7610:d152:3a9c::1/64.
# NOTE(review): this listing shows no private_key here and no public_key on
# the peers, presumably stripped before posting. Keep key material out of
# pasted configs.
config interface 'wg0'
	option proto 'wireguard'
	option listen_port '51820'
	list addresses '192.168.9.1/24'
	list addresses 'fdf1:7610:d152:3a9c::1/64'

# NOTE(review): both peers below list the whole 192.168.9.0/24 as allowed_ips.
# WireGuard ties each allowed range to exactly one peer, so overlapping ranges
# end up routed to only one of them. A peer may also send from any address
# inside its allowed_ips, so a /24 lets one client use any tunnel address.
# Giving each peer its own single address (a /32, plus a /128 for IPv6) fixes
# the routing and stops peers from impersonating each other.
config wireguard_wg0 'wgclient'
	list allowed_ips '192.168.9.0/24'
	list allowed_ips 'fdf1:7610:d152:3a9c::0/64'

config wireguard_wg0
	option description 'Android'
	list allowed_ips '192.168.9.0/24'
/etc/config/mwan3
# Pin UDP traffic with destination port 51820 to the 'wan_only' policy.
# NOTE(review): replies sent by the local WireGuard listener carry 51820 as
# their source port, not their destination port. Confirm this rule matches the
# direction it was written for.
config rule 'wireguard_rule0'
	option dest_port '51820'
	option proto 'udp'
	option sticky '0'
	option use_policy 'wan_only'

# Everything else follows the 'wan_wanb' policy.
config rule 'default_rule'
	option dest_ip '0.0.0.0/0'
	option proto 'all'
	option sticky '0'
	option use_policy 'wan_wanb'
config globals 'globals'
	option rtmon_interval '5'

# Primary uplink, tracked for IPv4.
# NOTE(review): no track_ip is listed for this interface although reliability
# is '2'. Without tracking hosts, the health check presumably has nothing to
# probe. Confirm how mwan3 decides that 'wan' is down.
config interface 'wan'
	option enabled '1'
	option family 'ipv4'
	option reliability '2'
	option count '1'
	option timeout '2'
	option failure_latency '1000'
	option recovery_latency '500'
	option failure_loss '20'
	option recovery_loss '5'
	option interval '5'
	option down '3'
	option up '8'

# IPv6 tracking for the primary uplink, disabled.
config interface 'wan6'
	option enabled '0'
	option family 'ipv6'
	option reliability '2'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'

# Second uplink: pinged against 8.8.4.4 and 8.8.8.8 every 5 seconds, with
# reliability '1'.
config interface 'wanb'
	list track_ip '8.8.4.4'
	list track_ip '8.8.8.8'
	option family 'ipv4'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
	option enabled '1'
	option initial_state 'online'
	option track_method 'ping'
	option size '56'
	option max_ttl '60'
	option check_quality '0'
	option failure_interval '5'
	option recovery_interval '5'

# IPv6 tracking for the second uplink, disabled. The network config on this
# page defines no 'wanb6' interface.
config interface 'wanb6'
	option enabled '0'
	option family 'ipv6'
	option reliability '1'
	option count '1'
	option timeout '2'
	option interval '5'
	option down '3'
	option up '8'
# Members bind an interface to a metric and a weight. The section names encode
# both values (m<metric>_w<weight>).

# wan: metric 1 and metric 2 variants, weight 3
config member 'wan_m1_w3'
	option interface 'wan'
	option metric '1'
	option weight '3'

config member 'wan_m2_w3'
	option interface 'wan'
	option metric '2'
	option weight '3'

# wanb: metric 1 and metric 2 variants, weight 2
config member 'wanb_m1_w2'
	option interface 'wanb'
	option metric '1'
	option weight '2'

config member 'wanb_m2_w2'
	option interface 'wanb'
	option metric '2'
	option weight '2'

# IPv6 counterparts. Their interfaces are disabled in this file.
config member 'wan6_m1_w3'
	option interface 'wan6'
	option metric '1'
	option weight '3'

config member 'wan6_m2_w3'
	option interface 'wan6'
	option metric '2'
	option weight '3'

config member 'wanb6_m1_w2'
	option interface 'wanb6'
	option metric '1'
	option weight '2'

config member 'wanb6_m2_w2'
	option interface 'wanb6'
	option metric '2'
	option weight '2'
# Policies group members. Members with the lowest metric are preferred, and
# members sharing a metric split traffic according to their weights.

# Primary uplink only.
config policy 'wan_only'
	list use_member 'wan_m1_w3'
	list use_member 'wan6_m1_w3'

# Second uplink only.
config policy 'wanb_only'
	list use_member 'wanb_m1_w2'
	list use_member 'wanb6_m1_w2'

# Both uplinks at metric 1: traffic is shared 3:2.
config policy 'balanced'
	list use_member 'wan_m1_w3'
	list use_member 'wanb_m1_w2'
	list use_member 'wan6_m1_w3'
	list use_member 'wanb6_m1_w2'

# Failover: 'wan' (metric 1) is preferred and 'wanb' (metric 2) is the backup.
# The default rule in this file uses this policy.
config policy 'wan_wanb'
	list use_member 'wan_m1_w3'
	list use_member 'wanb_m2_w2'
	list use_member 'wan6_m1_w3'
	list use_member 'wanb6_m2_w2'

# Failover in the other direction: 'wanb' is preferred and 'wan' is the backup.
config policy 'wanb_wan'
	list use_member 'wan_m2_w3'
	list use_member 'wanb_m1_w2'
	list use_member 'wan6_m2_w3'
	list use_member 'wanb6_m1_w2'
Sorry for the title. I now understand that the Linux servers are correctly blocking requests that come from another network segment.