diff --git a/openmptcprouter/files/etc/init.d/openvpnbonding b/openmptcprouter/files/etc/init.d/openvpnbonding
index 2df9d5897..77d0b8c75 100755
--- a/openmptcprouter/files/etc/init.d/openvpnbonding
+++ b/openmptcprouter/files/etc/init.d/openvpnbonding
@@ -55,7 +55,7 @@ _disable_openvpnbonding()
 {
 	name=$1
 	if [ "$(echo $name | grep omr_bonding)" != "" ]; then
-		uci -q set openvpn.${name}.enabled='0'
+		uci -q del openvpn.${name}.enabled
 		uci -q batch <<-EOF >/dev/null
 			del network.omrvpn.bonding_policy
 			del network.omrvpn.packets_per_slave
diff --git a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
index ecb75b2f5..d9986be6d 100755
--- a/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
+++ b/openmptcprouter/files/etc/uci-defaults/1940-omr-dns
@@ -8,6 +8,11 @@ if [ "$(uci -q get openmptcprouter.latest_versions)" = "" ]; then
 			set unbound.@unbound[-1].recursion="aggressive"
 			set unbound.@unbound[-1].validator='1'
 			set unbound.@unbound[-1].validator_ntp='1'
+			del unbound.ub_main.dns64_prefix
+			del unbound.ub_main.iface_wan
+			del unbound.ub_main.dhcp4_slaac6
+			del unbound.ub_main.query_minimize
+			del unbound.ub_main.query_min_strict
 			commit unbound
 		EOF
 	fi
diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index 3719a41b0..b4493bb18 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -77,6 +77,7 @@ if [ "$(uci -q show firewall | grep Allow-All-Ping)" = "" ]; then
 		set firewall.@rule[-1].dest='*'
 		set firewall.@rule[-1].src='*'
 		set firewall.@rule[-1].icmp_type='echo-request'
+		set firewall.@rule[-1].limit='1000/sec'
 		commit firewall
 	EOF
 fi
@@ -195,6 +196,7 @@ if [ "$(uci -q get firewall.allowicmpipv6)" = "" ]; then
 		set firewall.allowicmpipv6.src='wan'
 		set firewall.allowicmpipv6.name='Allow IPv6 ICMP'
 		set firewall.allowicmpipv6.family='ipv6'
+		set firewall.@rule[-1].limit='1000/sec'
 		set firewall.allowicmpipv6.icmp_type='neighbour-advertisement neighbour-solicitation router-advertisement router-solicitation'
 		commit firewall
 	EOF
@@ -244,6 +246,7 @@ if [ "$(uci -q get openmptcprouter.settings.sipalg)" != "1" ]; then
 	uci -q batch <<-EOF >/dev/null
 		set firewall.zone_lan.auto_helper='0'
 		set firewall.zone_wan.auto_helper='0'
+		set firewall.zone_vpn.auto_helper='0'
 		commit firewall
 	EOF
 	rmmod nf_nat_sip 2>&1 >/dev/null
diff --git a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
index 4cb5a524c..75a947d27 100755
--- a/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
+++ b/openmptcprouter/files/etc/uci-defaults/2020-omr-vpn
@@ -38,7 +38,6 @@ if [ "$(uci -q get openvpn.omr.proto)" != "tcp-client" ]; then
 		set openvpn.omr.port=65301
 		set openvpn.omr.cipher=AES-256-CBC
 		set openvpn.omr.proto=tcp-client
-		set openvpn.omr.enabled=0
 		set openvpn.omr.ncp_disable=1
 		set openvpn.omr.auth_nocache=1
 		set openvpn.omr.client=1