An additional big difference is the final rule which drops all new connection makes an attempt in the WAN port to our LAN network (Until DstNat is utilized). Devoid of this rule, if an attacker knows or guesses your local subnet, he/she can set up connections directly to neighborhood hosts https://wbofficial.com
