Yeah; this is custom work to be sure.
Just a heads up: OpenWrt is about to change over from iptables (21.02 & earlier) to nftables . That’s probably going to severely impact what kind of firewall chains are required when you ask for help.
Be sure to specify what version of OpenWrt you’re running & don’t be afraid to SSH into the device. You’re most likely going to need to. The default IP for GL devices is 192.168.8.1.
(Also backup as you go. It’ll be easier than resetting, starting over fr scratch if it becomes all too messy. See HOW-TO.)