These rules are assigned in Network → Interfaces to the “lan” and “IoT” interfaces respectively.
Now I click Save and Confirm, after 90s it times out and shows the rollback message as I would have lost the connection otherwise, so I assume something is not quite right in my config.
Does anyone know what I need to change to get the setup to work?
By default on each new zone the default input is set to drop, please set this to accept for iot.
Now as for the other things i see you use covered devices for the firewall zone.
Its important you may only choose interface names and not generic DSA devices, you can see it reflect aswell if you edit a network interface and click on the tab firewall, so for br-lan.99 which is used by interface lan, lan would be the covered firewall device for that zone.
^ Only if you own a pppoe server or something fancy you might choose the dsa device as cover for a firewall zone like ppp+, though its kinda off design but still works
only wan should have a default route defined, and lan interface because lan is a special interface which is your default gateway.
other interfaces are not recommend to have this checkbox defined, because otherwise you can cause a situation interface A, uses gateway from interface B instead of A → WAN/WWAN.
I think this might explain why it does not work.
in rare situations the interface iot with this checkbox checked would be seen as a wan connection which is invalid
I was looking on the LuCI page for my Spitz AX (I don't have access to my Flint 2 since it's in Extender mode at another location) and I don't see a "LAN1", "LAN2" etc. on the LuCI page like OP shows.
