Below is my entire /etc/config/firewall
# Global defaults: SYN-flood protection on; base policies are input/output
# ACCEPT and forward REJECT.
# NOTE(review): input 'ACCEPT' here is the fallback for traffic arriving on any
# interface that is not assigned to a zone. REJECT is the tighter choice if
# nothing depends on the current behaviour; confirm before changing.
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
# Zone 'lan': trusted side, everything accepted.
# NOTE(review): the networks 'lan' and 'Guest_LAN' share this one zone, so with
# input/forward 'ACCEPT' hosts on Guest_LAN can reach the router's services and
# the hosts on 'lan'. If Guest_LAN is meant to be an isolated guest network, it
# needs its own zone with input/forward REJECT plus explicit DNS/DHCP rules.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan Guest_LAN'
# Zone 'wan': unsolicited input is rejected, outbound traffic is masqueraded,
# and MSS clamping is enabled (mtu_fix).
# NOTE(review): forward 'ACCEPT' on a zone governs forwarding between the
# networks inside that zone (here wan and wan6), not wan -> lan. The stock
# OpenWrt value for wan is REJECT; confirm ACCEPT is intentional.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option forward 'ACCEPT'
option network 'wan wan6'
# Allow hosts in the lan zone to initiate connections out through wan.
config forwarding
option src 'lan'
option dest 'wan'
option enabled '1'
# Accept IPv4 UDP to port 68 from wan so the upstream DHCP server can reach the
# router's DHCP client.
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Accept IPv4 ICMP echo-request from wan. There is no 'dest', so this applies to
# the router itself: it answers ping from the WAN side.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv4 IGMP from wan.
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# Accept IPv6 UDP to port 546 (DHCPv6 client) from wan. fc00::/6 spans
# fc00:: through ffff::, which includes the unique-local, link-local and
# multicast ranges.
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
# Accept ICMPv6 types 130, 131, 132 and 143 (multicast listener messages) from
# link-local sources on wan.
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
# Accept the listed ICMPv6 types addressed to the router from wan, rate-limited
# to 1000 packets per second.
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward the listed ICMPv6 types from wan to any zone (dest '*'), with the same
# rate limit.
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
# Forward ESP from wan to the lan zone.
# NOTE(review): this rule and Allow-ISAKMP below set neither 'dest_ip' nor
# 'family', so they match every host in the lan zone (which also contains
# Guest_LAN) for IPv4 and IPv6. On IPv4 they only matter together with a DNAT,
# but globally addressed IPv6 hosts become reachable for ESP and UDP/500 from
# the Internet. If no IPsec endpoint sits behind this router, set
# option enabled '0' on both; otherwise pin them with dest_ip.
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
# Forward UDP port 500 (IKE) from wan to the lan zone; see the note on
# Allow-IPSec-ESP.
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
# Include sections: each 'path' is pulled in when the firewall is loaded, and
# again on reload because of reload '1'.
# NOTE(review): whatever these files add is not visible in this config, so this
# file alone is not the effective ruleset. Inspect the loaded rules with
# iptables-save and ip6tables-save when auditing. The paths run with the
# firewall's privileges, so they should be writable by root only. The two under
# /var/etc are presumably generated at runtime; verify what creates them.
config include
option path '/etc/firewall.user'
option reload '1'
# Script include named 'gls2s' (path under /var/etc).
config include 'gls2s'
option type 'script'
option path '/var/etc/gls2s.include'
option reload '1'
# Script include named 'glfw'.
config include 'glfw'
option type 'script'
option path '/usr/bin/glfw.sh'
option reload '1'
# Script include named 'glqos'.
config include 'glqos'
option type 'script'
option path '/usr/sbin/glqos.sh'
option reload '1'
# Script include named 'mwan3' (path under /var/etc).
config include 'mwan3'
option type 'script'
option path '/var/etc/mwan3.include'
option reload '1'
# Drop traffic from wan to the NetBIOS/SMB ports 137, 138, 139 and 445 on the
# router. The wan zone already rejects unsolicited input; this makes the drop
# silent for these ports.
# NOTE(review): the documented protocol option for a rule is 'proto'.
# 'dest_proto' looks vendor-written and may be ignored, in which case the rule
# falls back to the default protocol match. Confirm in the generated ruleset
# that both TCP and UDP are covered.
config rule 'sambasharewan'
option src 'wan'
option dest_port '137 138 139 445'
option dest_proto 'tcpudp'
option target 'DROP'
# Accept the same ports from the lan zone. That zone also contains Guest_LAN,
# so the router's SMB service is reachable from there too. The 'dest_proto'
# caveat above applies here as well.
config rule 'sambasharelan'
option src 'lan'
option dest_port '137 138 139 445'
option dest_proto 'tcpudp'
option target 'ACCEPT'
# Currently disabled (enabled '0'). If enabled, it would accept TCP and UDP
# port 83 on the router from wan.
config rule 'glservice_rule'
option name 'glservice'
option dest_port '83'
option proto 'tcp udp'
option src 'wan'
option target 'ACCEPT'
option enabled '0'
# Mail redirects: TCP connections entering through the 'wireguard' zone on the
# listed ports are DNATed to 192.168.1.160 in the lan zone.
# 'option gl' is not a standard firewall option; presumably a vendor UI marker.
# NOTE(review): none of these redirects sets 'src_dip', so the match is on
# destination port only. Any connection arriving from the tunnel on one of
# these ports is rewritten to 192.168.1.160, whatever address the peer was
# actually contacting. Because this file also forwards wireguard -> wan, peers
# that route Internet traffic through the tunnel would have their connections
# to external mail servers captured too. Add src_dip with the address peers
# are meant to dial. Alternatively drop the redirects, since the
# wireguard -> lan forwarding already lets peers reach 192.168.1.160 directly.
config redirect
option target 'DNAT'
option name 'SMTP'
option dest 'lan'
option src_dport '25'
option dest_port '25'
option gl '1'
option proto 'tcp'
option dest_ip '192.168.1.160'
option enabled '1'
option src 'wireguard'
# TCP 587 (mail submission) from the wireguard zone -> 192.168.1.160:587.
config redirect
option target 'DNAT'
option name 'SMTP_Submission'
option dest 'lan'
option proto 'tcp'
option src_dport '587'
option dest_port '587'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# TCP 465 from the wireguard zone -> 192.168.1.160:465.
config redirect
option target 'DNAT'
option name 'SMTPs'
option dest 'lan'
option proto 'tcp'
option src_dport '465'
option dest_port '465'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# TCP 143 from the wireguard zone -> 192.168.1.160:143.
config redirect
option target 'DNAT'
option name 'IMAP'
option dest 'lan'
option proto 'tcp'
option src_dport '143'
option dest_port '143'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# TCP 993 from the wireguard zone -> 192.168.1.160:993.
config redirect
option target 'DNAT'
option name 'IMAPS'
option dest 'lan'
option proto 'tcp'
option src_dport '993'
option dest_port '993'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# TCP 110 from the wireguard zone -> 192.168.1.160:110.
config redirect
option target 'DNAT'
option name 'POP3'
option dest 'lan'
option proto 'tcp'
option src_dport '110'
option dest_port '110'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# TCP 995 from the wireguard zone -> 192.168.1.160:995.
config redirect
option target 'DNAT'
option name 'POP3s'
option dest 'lan'
option proto 'tcp'
option src_dport '995'
option dest_port '995'
option enabled '1'
option gl '1'
option dest_ip '192.168.1.160'
option src 'wireguard'
# Port forward from wan: TCP 8443 on the router's WAN side -> 192.168.1.175:8443.
# NOTE(review): this redirect and NAS_WEB1 below are the only ones in this file
# with src 'wan', so 192.168.1.175 is reachable from the whole Internet on both
# ports. A WireGuard zone with forwarding to lan already exists here, so
# consider setting enabled '0' on both and reaching the NAS through the tunnel.
# If WAN access is required, restrict it with src_ip to known source addresses.
config redirect
option target 'DNAT'
option name 'NAS_Web'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '8443'
option dest_ip '192.168.1.175'
option dest_port '8443'
option enabled '1'
option gl '1'
# Port forward from wan: TCP 8080 -> 192.168.1.175:8080.
# NOTE(review): 8080 is commonly a plain-HTTP port. If that holds for this NAS,
# logins sent through this forward cross the Internet unencrypted; verify and
# prefer the 8443 listener or the tunnel.
config redirect
option target 'DNAT'
option name 'NAS_WEB1'
option src 'wan'
option dest 'lan'
option proto 'tcp'
option src_dport '8080'
option dest_ip '192.168.1.175'
option dest_port '8080'
option enabled '1'
option gl '1'
# TCP 80 arriving from the wireguard zone -> 192.168.1.160:80.
# NOTE(review): with no 'src_dip', this redirect and Mail_HTTPS below rewrite
# every HTTP/HTTPS connection that enters from the tunnel, not only those aimed
# at the mail host. This file also forwards wireguard -> wan, so peers that
# browse the Internet through the tunnel would land on 192.168.1.160 and see
# certificate mismatches on 443. Add src_dip with the address peers are meant
# to use, or remove the redirects and let peers reach 192.168.1.160 directly
# through the wireguard -> lan forwarding.
config redirect
option target 'DNAT'
option name 'Mail_Web'
option dest 'lan'
option proto 'tcp'
option src_dport '80'
option dest_ip '192.168.1.160'
option dest_port '80'
option enabled '1'
option gl '1'
option src 'wireguard'
# TCP 443 arriving from the wireguard zone -> 192.168.1.160:443.
config redirect
option target 'DNAT'
option name 'Mail_HTTPS'
option dest 'lan'
option proto 'tcp'
option src_dport '443'
option dest_ip '192.168.1.160'
option dest_port '443'
option enabled '1'
option gl '1'
option src 'wireguard'
# Accept IPv4 traffic from wan to port 48137 on the router (the WireGuard
# listener, going by the rule name).
# NOTE(review): WireGuard uses UDP only. 'udp tcp' also opens TCP 48137 on the
# router for no benefit; option proto 'udp' is sufficient.
config rule 'AllowWireguard'
option name 'Allow-Wireguard'
option target 'ACCEPT'
option src 'wan'
option proto 'udp tcp'
option family 'ipv4'
option dest_port '48137'
# Zone for the tunnel device wg0. input 'DROP' means peers cannot reach
# services on the router itself unless a rule allows it. Forwarded traffic is
# accepted, and masquerading is requested for traffic leaving via wg0.
config zone 'wireguard'
option name 'wireguard'
option input 'DROP'
option forward 'ACCEPT'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option device 'wg0'
option masq6 '1'
# Tunnel peers may reach the Internet through this router.
config forwarding 'wireguard_wan'
option src 'wireguard'
option dest 'wan'
# Tunnel peers may reach every host in the lan zone.
# NOTE(review): the lan zone contains both 'lan' and 'Guest_LAN', so any peer
# holding a valid key has unrestricted access to both. If peers only need
# specific hosts (the redirects in this file point at 192.168.1.160), replace
# this forwarding with rules limited by dest_ip and dest_port.
config forwarding 'wireguard_lan'
option src 'wireguard'
option dest 'lan'
# Hosts in the lan zone (including Guest_LAN) may initiate connections into the
# tunnel.
config forwarding 'lan_wireguard'
option src 'lan'
option dest 'wireguard'