config defaults                           
        option syn_flood        1         
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
                                                                            
config zone                              
        option name             wan
        option input    REJECT         
        option output   ACCEPT         
        option forward  REJECT     
        option masq             1  
        option mtu_fix  1   
config zone                 
        option name     mesh                
        option input    ACCEPT              
        option output   ACCEPT             
        option forward  REJECT             
config zone
        option name     lan
        option input    ACCEPT        
        option output   ACCEPT                
        option forward  REJECT                  
config forwarding                  
        option src      mesh       
        option dest     wan                

config forwarding
        option src      lan
        option dest     wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule                        
        option src              wan 
        option proto            udp      
        option dest_port        68       
        option target           ACCEPT
                                    
#Allow ping                         
config rule                        
        option src wan        
        option proto icmp            
        option icmp_type echo-request
        option target ACCEPT       
                                                 
# include a file with users custom iptables rules
config include                           
        option path /etc/firewall.user