[openwrt] punch holes in the wan firewall zone for dhcp, avahi, ping and flukso rest api

mote/v2/openwrt/files/etc/config/firewall

@@ -3,6 +3,8 @@ config defaults
 	option input		ACCEPT
 	option output		ACCEPT 
 	option forward		REJECT
+# Uncomment this line to disable ipv6 rules
+#	option disable_ipv6	1
 
 config zone
 	option name		lan
@@ -16,15 +18,45 @@ config zone
 	option output	ACCEPT 
 	option forward	REJECT
 	option masq		1 
+	option mtu_fix	1
 
 config forwarding 
 	option src      lan
 	option dest     wan
 
-## Enable this option if you encounter any MTU problems
-## e.g. some websites work, others do not, submitting
-## forms causes problems, ...
-#       option mtu_fix  1
+# We need to accept udp packets on port 68,
+# see https://dev.openwrt.org/ticket/4108
+config rule
+	option src		wan
+	option proto		udp
+	option dest_port	68
+	option target		ACCEPT
+	option family	ipv4
+
+#Allow ping
+config rule
+	option src		wan
+	option proto		icmp
+	option icmp_type	echo-request
+	option target		ACCEPT
+
+#Allow access to local REST API on the wan itf
+config rule
+	option src		wan
+	option proto		tcp
+	option dest_port	8080
+	option target		ACCEPT
+
+#Open up UDP port 5353 on the wan for avahi
+config rule
+	option src		wan
+	option proto		udp
+	option dest_port	5353
+	option target		ACCEPT
+
+# include a file with users custom iptables rules
+config include
+	option path /etc/firewall.user
 
 
 ### EXAMPLE CONFIG SECTIONS
@@ -57,15 +89,10 @@ config forwarding
 #	option dest_port	80 
 #	option proto		tcp
 
-# include a file with users custom iptables rules
-config include
-       option path /etc/firewall.user
-
 
 ### FULL CONFIG SECTIONS
 #config rule
 #	option src		lan
-#       option src              lan
 #	option src_ip	192.168.45.2
 #	option src_mac	00:11:22:33:44:55
 #	option src_port	80
@@ -84,4 +111,3 @@ config include
 #	option dest_ip	194.25.2.129
 #	option dest_port	120
 #	option proto	tcp
-