A different change is the final rule which drops all new relationship tries from the WAN port to our LAN community (unless DstNat is used). With out this rule, if an attacker knows or guesses your local subnet, he/she can establish connections directly to nearby hosts and lead to a https://wbofficial.com
