FW rules for inter zone communication

After days of testing and studying, I have already successfully made firewall zone segmentation with dedicated VLANs that are supposed to stay completely out of the LAN (system VLAN 1).

But I wonder how I implement a rule to make, e.g., device RPI4, port 80, in the LAN (VLAN 1) on IPv4 address 192.168.1.200, available from the VLAN 20 zone when communication between these zones is not forwarded.

I tried custom rules but I have not seen any example of proper syntax.

Please help. I expect an implementation using custom rules in the FW, but it can be any other way.

Have a look here:

Hi, so by writing a new rule (linked below) into /etc/config/firewall, it will work as I need?
And with this I should also be able to define more specific rules for forwardings that are already in place?

Yes, that is correct.
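For readers looking for the concrete syntax, here is a rule block as it would be written into /etc/config/firewall. It is an added example, not the one linked in the thread or anything from Turris; it assumes the LAN zone is named `lan` and the VLAN 20 zone is named `vlan20` (use whatever names you gave your zones in `config zone`). Because no `config forwarding` exists from `vlan20` to `lan`, the zone-to-zone forward policy still applies, and only traffic matching this rule is accepted; reply packets are allowed by connection tracking, so no rule in the other direction is needed.

```uci
# Added example for /etc/config/firewall (not from the thread).
# Assumptions: source zone is named 'vlan20', destination zone is named 'lan'.
config rule
	option name 'Allow-VLAN20-to-RPI4-HTTP'
	option src 'vlan20'            # zone the clients sit in (assumed name)
	option dest 'lan'              # zone the RPI4 sits in (assumed name)
	option dest_ip '192.168.1.200' # only this host, not the whole LAN
	option dest_port '80'          # only HTTP
	option proto 'tcp'
	option family 'ipv4'
	option target 'ACCEPT'
```

After saving, apply it with `/etc/init.d/firewall reload`. Keeping `dest_ip`, `dest_port` and `proto` all set is what makes this a narrow hole: leaving any of them out widens the rule to the whole LAN zone, all ports, or all protocols. The same entry is what the LuCI "Traffic Rules" page generates when you add a forward rule from the VLAN 20 zone to the LAN zone with these fields filled in.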

OK, I will get to that soon and I will edit this message with the result. :slight_smile:

EDIT:
I have used the solution below and it works 100%.
I was a little bit misled because I was using this GUI interface before setting up proper network interfaces and FW zones in Turris, and I had zero success.

Thank you all. Merry Christmas as well. :slight_smile:

You can use the LuCI GUI, too. Just go to "LuCI → Network → Firewall → Traffic Rules" and add a new forward rule (see screenshot). Then click "Add and edit", set everything up as you want on the next screen, and then "Save and apply".

It's pretty self-explanatory. And it will generate entries in /etc/config/firewall as if you had created them manually; it's just "the GUI way".

Rules will then appear on the "Traffic Rules" tab, regardless of whether they were created manually or via LuCI.