From 97962771aa3c490d6186e64015f85dd66254fdf0 Mon Sep 17 00:00:00 2001
From: Andris PE <neandris@gmail.com>
Date: Thu, 29 Feb 2024 16:17:03 +0200
Subject: [PATCH] config: drop to-be-forwarded-nowhere packets on wans

Dropping packets with no clear forward destination is nicer than rejecting
them. Especially when some providers punish users for spoofing caused by
their noisy infra.

Fixes: https://github.com/openwrt/openwrt/issues/13340
Signed-Off-By: Andris PE <neandris@gmail.com>
---
 root/etc/config/firewall | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/root/etc/config/firewall b/root/etc/config/firewall
index d78a00c..48b2440 100644
--- a/root/etc/config/firewall
+++ b/root/etc/config/firewall
@@ -19,7 +19,7 @@ config zone
 	list   network		'wan6'
 	option input		REJECT
 	option output		ACCEPT
-	option forward		REJECT
+	option forward		DROP
 	option masq		1
 	option mtu_fix		1
 
-- 
2.30.2