config: drop to-be-forwarded-nowhere packets on wans

Dropping packets with no clear forward destination is nicer than rejecting them. Especially when some providers punish users for spoofing caused by their noisy infra. Fixes: https://github.com/openwrt/openwrt/issues/13340 Signed-Off-By: Andris PE <neandris@gmail.com>
author: Andris PE 2024-02-29 14:17:03 +0000
committer: Jo-Philipp Wich 2025-03-17 15:46:41 +0000
commit: 97962771aa3c490d6186e64015f85dd66254fdf0 (patch)
tree: ec84f4bed55e715d6d366d731e9bbc2d10996773
parent: 00fc6943a29732375addf72a12f2381df5b25428 (diff)
download: firewall4-97962771aa3c490d6186e64015f85dd66254fdf0.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/root/etc/config/firewall b/root/etc/config/firewall
index d78a00c..48b2440 100644
--- a/root/etc/config/firewall
+++ b/root/etc/config/firewall
@@ -19,7 +19,7 @@ config zone
 	list   network		'wan6'
 	option input		REJECT
 	option output		ACCEPT
-	option forward		REJECT
+	option forward		DROP
 	option masq		1
 	option mtu_fix		1
author	Andris PE	2024-02-29 14:17:03 +0000
committer	Jo-Philipp Wich	2025-03-17 15:46:41 +0000
commit	97962771aa3c490d6186e64015f85dd66254fdf0 (patch)
tree	ec84f4bed55e715d6d366d731e9bbc2d10996773
parent	00fc6943a29732375addf72a12f2381df5b25428 (diff)
download	firewall4-97962771aa3c490d6186e64015f85dd66254fdf0.tar.gz