config defaults                           
        option syn_flood        1         
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
                                                                            
config zone                              
        option name             wan
        option input    REJECT         
        option output   ACCEPT         
        option forward  REJECT     
        option masq             1  
        option mtu_fix  1   
config zone                 
        option name     mesh                
        option input    ACCEPT              
        option output   ACCEPT             
        option forward  REJECT             
                   
config forwarding                  
        option src      mesh       
        option dest     wan                

config forwarding
        option src      lan
        option dest     wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule                        
        option src              wan 
        option proto            udp      
        option dest_port        68       
        option target           ACCEPT
                                    
#Allow ping                         
config rule                        
        option src wan        
        option proto icmp            
        option icmp_type echo-request
        option target ACCEPT       
                                                 
# include a file with users custom iptables rules
config include                           
        option path /etc/firewall.user