9.2, fully patched, is router/gateway/firewall/email server but isn't providing any services to the outside except incoming email via SMTP, restricted to a specific IP range. It's getting hammered with incoming connections that just leave the poor thing hanging with a zillion SYN_RECV transactions pending. I've been playing whack-a-mole with iptables and trying to get Fail2Ban to do something useful, but I'd rather just close the door.
Any way I can disable all incoming TCP requests on the WAN interface without killing server manager and Roundcube on the LAN interface?