Yet another big difference is the last rule which drops all new connection attempts in the WAN port to our LAN community (Until DstNat is applied). Devoid of this rule, if an attacker appreciates or guesses your neighborhood subnet, he/she will be able to create connections on to neighborhood hosts https://wbofficial.com
