What is minimal/best secure firewall configuration

I am wondering, which of those firewall rules are essential. After factory reset, there are several rules [talking about https://192.168.1.1/cgi-bin/luci/admin/network/firewall/rules ] such as Allow-DHCP-Renew , Allow-Ping , Allow-IGMP , two unnamed [Any esp From any host in wan To any host in lan] [Any udp From any host in wan To any host, port 500 in lan].
I’m curious, if I remove all the rules, will it impact functionality?
Btw. I couldn’t find any manual for Omnia Firewall settings :-/
I would understand, removing AllowingPing would make the router stop responding ping from WAN.
What about Allow-DHCP-Renew and Allow-IGMP?
When there is NAT in place, how can rule Any udp From any host in wan To any host, port 500 in lan make a host in WAN able to reach host in LAN when there is no port forwarding set?

What will be the most secure FW settings [considering NAT in place, no services running on Omnia, no port forwards, no special functions] ?

Is anyone working with the firewall? Or just leaving it in defaults?

The only changes I’ve made in that section were connected to adding functionality like SSH honeypot, print server etc.

Last night someone from Thailand tried to access (without success) my NAS.
I wander how he got into my network.
Any idea to secure my network?