weird, normally if input is set to reject clients will not receive ip from the dhcp server from the router, however it is possible you are on a static ip then it is possible there is no inbound traffic since there is no arp communication or dhcp ack/req communication.
traffic rules on the other hand have a higher priority on top of zone forwardings, it could be a left over traffic rule which make it work?
All the other things seem to be correct in your firewall configuration now.
the issue might be something else here, and therefor I need to view your raw configuration.
could you post the contents of:
- /etc/config/network
- /etc/config/dhcp
and maybe the last 50 lines (don't need to be accurate), from the log in luci, just discard any sensitive information like the mac addresses or public ips.
it is possible there could be something with dhcp rebinding protection going on, or some DSA settings are wrong, I want to be sure this is correct.
I do remember there is a tutorial on this forum to setup vlans for the Flint 3, this tutorial is not compatible with MT2500, or many other GL-iNet routers, since the ports on the Flint 3 are invidual ports on the cpu switch as their tutorial seem to suggest, other routers often don't have invidual ports, however I also wrote a in depth tutorial here, this tutorial also show some small steps which often are overlooked but can cause big configuration issues like the default gateway checkbox.
let me know 