Hello, maybe this rule in firewall will help in solving the problem:
add action=accept chain=input src-address-type=local dst-address-type=local
As far as I understand this will allow local traffic on the router itself.
You should put it above “defconf: drop all not coming from LAN”.
ps: Not sure if this is the right decision, but it works.
pps: Oops! This solution was suggested above. Sorry…