A question about firewall behaviour:

I set up my filters as per some info collected on this forum:

add comment="accept ICMP" chain=input action=accept protocol=icmp
add comment="IPSEC Passthrough" chain=input action=accept protocol=ipsec-esp
add comment="IPSEC Passthrough" chain=input action=accept protocol=udp dst-port=500
add comment="IPSEC Passthrough" chain=input action=accept protocol=udp dst-port=4500
add comment="WinBoxMng" chain=input action=accept protocol=tcp dst-port=8291
add comment="accept established,related" chain=input action=accept connection-state=established,related
add comment="drop all from WAN" chain=input action=drop in-interface=ether6
add comment="drop all from WAN" chain=input action=drop in-interface=ether7
add comment="drop all from WAN" chain=input action=drop in-interface=ether8
add comment="drop all from WAN" chain=input action=drop in-interface=ether9
add comment="drop all from WAN" chain=input action=drop in-interface=ether10
add comment="fasttrack" chain=forward action=fasttrack-connection connection-state=established,related
add comment="accept established,related" chain=forward action=accept connection-state=established,related
add comment="drop invalid" chain=forward action=drop connection-state=invalid
add comment="drop all from WAN not DSTNATed" chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether6
add comment="drop all from WAN not DSTNATed" chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether7
add comment="drop all from WAN not DSTNATed" chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether8
add comment="drop all from WAN not DSTNATed" chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether9
add comment="drop all from WAN not DSTNATed" chain=forward action=drop connection-state=new connection-nat-state=!dstnat in-interface=ether10

Anyway, I can reach a LAN host via port forwarding even though a relative accept rule is not present in the filter.
Also, if I try to connect to a port that is not forwarded, the packet is not dropped by the filter.

Why is this?
Thanks

What do you mean by

I can reach a LAN host via port forwarding even though a relative accept rule is not present in the filter

What are you trying to reach your LAN host from? What is your WAN interface? What is your LAN interface?

Also, if I try to connect to a port that is not forwarded, the packet is not dropped by the filter.

Then your firewall is not configured properly.
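
The forward-chain behaviour asked about in this thread can be checked offline with a small first-match evaluator over the posted rules. This is an added example, not part of either post and not RouterOS code: it models only the matchers those rules use, treats fasttrack-connection as non-terminating, and assumes a packet that matches no rule is accepted at the end of the chain. The interface name pppoe-out1 and the sample packets are constructed.

```python
import shlex

WAN = ["ether6", "ether7", "ether8", "ether9", "ether10"]
# Forward-chain rules from the post; the WAN drop rule is expanded per interface.
FORWARD_RULES = [
    'add comment="fasttrack" chain=forward action=fasttrack-connection connection-state=established,related',
    'add comment="accept established,related" chain=forward action=accept connection-state=established,related',
    'add comment="drop invalid" chain=forward action=drop connection-state=invalid',
] + [
    'add comment="drop all from WAN not DSTNATed" chain=forward action=drop '
    f'connection-state=new connection-nat-state=!dstnat in-interface={i}' for i in WAN
]

def parse(line):
    """Turn one 'add key=value ...' line into a dict of properties."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:])

def matches(rule, pkt):
    """True only if every matcher present in the rule agrees with the packet."""
    if rule["chain"] != pkt["chain"]:
        return False
    if "connection-state" in rule and pkt["connection-state"] not in rule["connection-state"].split(","):
        return False
    if "in-interface" in rule and rule["in-interface"] != pkt["in-interface"]:
        return False
    if "connection-nat-state" in rule:
        want = rule["connection-nat-state"]
        negate, flag = want.startswith("!"), want.lstrip("!")
        if (flag in pkt["nat"]) == negate:  # "!dstnat" must not match a dst-NATed connection
            return False
    return True

def verdict(lines, pkt):
    """First terminating match decides; falling off the end of the chain accepts (assumption)."""
    for line in lines:
        rule = parse(line)
        if matches(rule, pkt) and rule["action"] in ("accept", "drop"):
            return rule["action"], rule["comment"]
    return "accept", "end of chain (no rule matched)"

if __name__ == "__main__":
    new = {"chain": "forward", "connection-state": "new"}
    samples = {  # constructed packets
        "port-forwarded, in ether6": {**new, "in-interface": "ether6", "nat": {"dstnat"}},
        "not forwarded, in ether6": {**new, "in-interface": "ether6", "nat": set()},
        "not forwarded, in pppoe-out1": {**new, "in-interface": "pppoe-out1", "nat": set()},
    }
    for name, pkt in samples.items():
        print(f"{name:30} -> {verdict(FORWARD_RULES, pkt)}")
```

The first and third samples reach the end of the chain without matching any drop rule, which is why the replies ask which interface is actually the WAN.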