Matthew Lenz wrote:
So it's safe to assume that internet -> WAN stuff should be blocked. But for internal access between my LAN/OPT interfaces and outbound WAN I can use reject and it wouldn't be considered bad form?
Under most circumstances, yes, that's correct.
