Default policy for FORWARD chain

[lomion0815]

I suggest to add ${default_policy} to the FORWARD_TEMPLATE and populate it with default_policy (identical to the INPUT template).
Otherwise the "accept" country policy has no effect.

Same should be true for the OUTPUT_TEMPLATE but I did not test it.

[tomasz-c]

I suggest to add ${default_policy} to the FORWARD_TEMPLATE and populate it with default_policy (identical to the INPUT template). Otherwise the "accept" country policy has no effect.

@lomion0815 thanks again for reporting the issue. I did not pay attention to this when accepting the PR.
This has been fixed in 6834b4e

Same should be true for the OUTPUT_TEMPLATE but I did not test it.

I don't want to change this because it would cause general problems with internet access. I think this is not the expected behavior of this tool and it would cause errors to be reported. If there are more requests to implement this, it might be worth considering a separate entry in the config. Currently, there is an appropriate note in the configuration file that this will not be blocked:

# Block output connections to blacklisted ips: 'on' or 'off', default: 'off'
# Connections to blocked countries will still be possible.
BLOCK_OUTPUT: off