Usually, https-dns-proxy on OpenWrt is used as an upstream server for dnsmasq, which causes quite a few local UDP/TCP connections for which connection tracking is unnecessary. You might implement an option to modify fw4 not to do connection tracking between dnsmasq and https-dns-proxy, or to drop conntrack between local client machines and dnsmasq, too. For details, you might refer to my post here:
https://forum.openwrt.org/t/lets-tune-openwrt-i-e-dns-with-https-dns-proxy/249116