Hi Blake, this is caused by a new rule that accepts all traffic with a ctstate of DNAT in order to simplify port forwarding rules, see `iptables-save | grep "Accept port forwards"`.
You can try to either remove that rule or place a few more before that to lock down the ports of the DNAT destinations. ~ Jow _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
