diff --git a/package/base/iptables/rocknet_iptables.sh b/package/base/iptables/rocknet_iptables.sh
index 8759f2450..05346cb95 100644
--- a/package/base/iptables/rocknet_iptables.sh
+++ b/package/base/iptables/rocknet_iptables.sh
@@ -29,7 +29,7 @@ iptales_parse_conditions() {
 			shift; shift
 			;;
 		    *)
-			error "Unkown allow/deny condition: $1"
+			error "Unkown allow/deny/drop condition: $1"
 			shift
 		esac
 	done
@@ -47,3 +47,9 @@ public_deny() {
 	iptables_init_if
 }
 
+public_drop() {
+	iptales_parse_conditions "$@"
+	addcode up 1 5 "iptables -A firewall_$if $iptables_cond -j DROP"
+	iptables_init_if
+}
+