/etc/init.d/firefall reset - reload iptables rules
--- Rules to allow local trafic and DNS from LAN to WAN interface ---
config rule
option name 'Allow-Local-NAT-10'
option src 'lan'
option dest 'wan'
option proto 'all'
option target 'ACCEPT'
option dest_ip '10.0.0.0/8'
config rule
option name 'Allow-Local-NAT-172'
option src 'lan'
option dest 'wan'
option proto 'all'
option target 'ACCEPT'
option dest_ip '172.16.0.0/12'
config rule
option name 'Allow-Local-NAT-192'
option src 'lan'
option dest 'wan'
option proto 'all'
option target 'ACCEPT'
option dest_ip '192.168.0.0/16'
config rule
option name 'Allow-Local-NAT-DNS'
option src 'lan'
option dest 'wan'
option target 'ACCEPT'
option dest_port '53'
option proto 'tcp udp'
config rule
option name 'Deny-NAT-through-WAN'
option src 'lan'
option dest 'wan'
option target 'DROP'
option proto 'all'
config forwarding
option src 'lan'
option dest 'wan'