diff --git a/source/firewall/firewall.c b/source/firewall/firewall.c
index 06086fb9..e5fdab26 100644
--- a/source/firewall/firewall.c
+++ b/source/firewall/firewall.c
@@ -12925,7 +12925,23 @@ static int prepare_subtables(FILE *raw_fp, FILE *mangle_fp, FILE *nat_fp, FILE *
 #endif
    }
 
+   /*
+    * Check if LAN to WAN forwarding is enabled
+   */
+   char cEnabled[8] = {0};
+   sysevent_get(sysevent_fd, sysevent_token, "lan_wan_forwarding_enabled", cEnabled, sizeof(cEnabled));
+   if ('\0' != cEnabled[0])
+   {
+       if('\0' == lan_ifname[0])
+           snprintf(lan_ifname, sizeof(lan_ifname), "brlan0");
 
+      int iEnabled = atoi(cEnabled);
+       if (0 == iEnabled)
+       {
+           fprintf(filter_fp, "-A lan2wan -i %s -j DROP\n", lan_ifname);
+           FIREWALL_DEBUG("LAN to WAN forwarding disabled, dropping all traffic from LAN to WAN\n");
+       }
+   }
    /***********************
     * set lan to wan subrule by order 
     * *********************/