A different distinction is the final rule which drops all new relationship tries through the WAN port to our LAN community (Unless of course DstNat is used). Without this rule, if an attacker is familiar with or guesses your local subnet, he/she will be able to set up connections straight https://wbofficial.com
