wireguard-vyatta-ubnt
Following example config on ER-X leaves firewall rule allowing only invalid packets
I just followed the example configuration on 2 different EdgeRouter X's and found the same behaviour if you copy and paste the example configuration from the readme.md. The firewall rule seems to get generated with only the "allow invalid" box ticked. A solution could be to update the readme to include:
set firewall name WAN_LOCAL rule 20 state established enable
set firewall name WAN_LOCAL rule 20 state new enable
set firewall name WAN_LOCAL rule 20 state related enable
after set firewall name WAN_LOCAL rule 20 destination port 51820.
Good catch - the rules you mention would be necessary on an EdgeRouter initiating a peer connection, and the rules in the readme.md work fine for listening for a peer.