A different difference is the last rule which drops all new connection tries within the WAN port to our LAN network (Unless of course DstNat is utilised). Without the need of this rule, if an attacker understands or guesses your local subnet, he/she will create connections on to regional hosts https://wbofficial.com
