also if you take snippets from my old post this one is pretty important.
# === Custom Restart on Firewall Reload ===
grep -q "/cfg/rc.local restart" /etc/init.d/firewall || sed -i '/reload_service()/a\ /cfg/rc.local restart' /etc/init.d/firewall
Without this every time you make a change via the gui it reloads the /etc/init.d/firewall which sometimes wipes out your custom rules. So with this it also applies the config again every time you make a gui change. And with the if statements I have it will only recreate the interfaces or rules if they dont currently exist already.