One more difference is the final rule which drops all new relationship makes an attempt through the WAN port to our LAN network (unless DstNat is used). Without this rule, if an attacker knows or guesses your local subnet, he/she will be able to create connections straight to nearby hosts https://wbofficial.com
