Firewall input problem

Hi,

I have a little problem that I fixed but don’t fully understand.
So I am in network 192.168.1.0/24 and I am connecting to router 192.168.7.1/24 over L2TP.
I added the FW rule on 192.168.7.1:
add action=accept chain=input src-address=192.168.0.0/16
Then I wanted to drop everything else and I added:
add action=drop chain=input
and lost everything, but I was in safe mode, so no harm done.
It worked when I added this line before the drop line:
add action=accept chain=input comment="Allow Established connections" connection-state=established
So if I understand it correctly my existing connection was dropped because the first rule applies only to new connections and I could actually connect if changes weren’t reverted because of the safe mode?
And with the rule “accept established connections”, connection wasn’t dropped because it allows my current connection to the router also.

Input chain → to the router (typically for a. the admin to configure, b. for users to access services, e.g. DNS).
Therefore if you elect to use drop all (recommended!!) as the last rule you need to ensure rules exist to give access to the admin and users prior to the last rule.
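Added example (not from either post above): a small Python simulator of first-match rule evaluation that parses the exact `add ...` lines quoted in the thread and runs a few constructed packets through both rule orders, with and without the established-accept rule before the final drop. Sample addresses in 203.0.113.0/24 are constructed documentation addresses; the "reply to the router's own DNS query" packet assumes the router itself resolves names, which makes the reply arrive in the input chain with state established. The default verdict of "accept" when no rule matches mirrors RouterOS behaviour.

```python
import ipaddress
import shlex
from dataclasses import dataclass

# Rule text in RouterOS "/ip firewall filter" syntax, copied from the thread.
# The first set is the order that lost the session; the second set adds the
# established-accept rule before the final drop-all.
RULES_WITHOUT_ESTABLISHED = """
add action=accept chain=input src-address=192.168.0.0/16
add action=drop chain=input
"""

RULES_WITH_ESTABLISHED = """
add action=accept chain=input src-address=192.168.0.0/16
add action=accept chain=input comment="Allow Established connections" connection-state=established
add action=drop chain=input
"""


@dataclass
class Packet:
    """Constructed view of a packet as the input chain sees it."""
    src: str            # source IP address
    state: str          # connection-tracking state: new, established, related, invalid
    chain: str = "input"


def parse_rules(text):
    """Parse 'add key=value ...' lines into dicts; shlex handles the quoted comment."""
    rules = []
    for line in text.strip().splitlines():
        tokens = shlex.split(line)
        if not tokens or tokens[0] != "add":
            continue
        rule = {}
        for token in tokens[1:]:
            key, _, value = token.partition("=")
            rule[key] = value
        rules.append(rule)
    return rules


def rule_matches(rule, pkt):
    """A rule matches only if every matcher it carries is satisfied."""
    if rule.get("chain") != pkt.chain:
        return False
    if "src-address" in rule:
        network = ipaddress.ip_network(rule["src-address"], strict=False)
        if ipaddress.ip_address(pkt.src) not in network:
            return False
    if "connection-state" in rule:
        if pkt.state not in rule["connection-state"].split(","):
            return False
    return True


def verdict(rules, pkt):
    """First matching rule decides; with no match the packet is accepted."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule["action"]
    return "accept"


# Constructed sample traffic addressed to the router itself.
SAMPLES = {
    "admin from LAN, new": Packet("192.168.1.50", "new"),
    "admin from LAN, established": Packet("192.168.1.50", "established"),
    "reply to router's own DNS query": Packet("203.0.113.10", "established"),
    "unsolicited probe from internet": Packet("203.0.113.77", "new"),
}


def run(text):
    """Return the verdict for every sample packet under the given rule text."""
    rules = parse_rules(text)
    return {name: verdict(rules, pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for label, text in (("without established", RULES_WITHOUT_ESTABLISHED),
                        ("with established", RULES_WITH_ESTABLISHED)):
        print(f"--- {label} ---")
        for name, action in run(text).items():
            print(f"{name:35s} {action}")
```

The src-address rule carries no connection-state matcher, so it accepts packets from 192.168.0.0/16 in any state; what the bare drop-all catches is everything that arrives from any other address, including established replies to traffic the router originated. In a production ruleset the usual additions before the final drop are an accept for `connection-state=established,related`, a drop for `connection-state=invalid`, and explicit accepts for the management subnet and for any tunnel transport the router is administered through.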