Hello,
In your firewall configuration, the last 3 rolls in the ipv4 section should be moved above - add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
For proper firewall operation, the last roll should be :drop all from WAN.
In your firewall configuration, the last 3 rolls in the ipv4 section should be moved above - add action=drop chain=forward comment=\
"defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
connection-state=new in-interface-list=WAN
For proper firewall operation, the last roll should be :drop all from WAN.
Statistics: Posted by johnson73 — Wed Dec 13, 2023 10:51 am