diff --git a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
index f8002336f..99ca4285f 100755
--- a/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
+++ b/openmptcprouter/files/etc/uci-defaults/1980-omr-firewall
@@ -1,5 +1,13 @@
 #!/bin/sh
+# Set REJECT as default rule if an interface is not in a zone
+uci -q batch <<-EOF >/dev/null
+ set firewall.@defaults[0].input='REJECT'
+ set firewall.@defaults[0].output='REJECT'
+ set firewall.@defaults[0].forward='REJECT'
+EOF
+
+
 
 if [ "$(uci -q get firewall.@zone[2].name)" = "vpn" ]; then
 uci -q batch <<-EOF >/dev/null
 del firewall.@zone[2]
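Review bot: The added `uci -q batch` block can fail without any trace, because `-q` and `>/dev/null` hide the error if `firewall.@defaults[0]` does not exist, and the device would then keep whatever default policy it had while the comment says REJECT. Consider creating the section first, `uci -q get firewall.@defaults[0] >/dev/null || uci -q add firewall defaults >/dev/null`, or at least reporting a failure with `logger`. `output='REJECT'` also covers traffic the router itself sends on an interface that is in no zone, so a short comment stating that this is intended would help whoever debugs a newly added link with no connectivity. The block is unconditional, so every run of this uci-defaults script overwrites default policies an administrator may have changed; the `if` block that follows continues outside the hunk.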