I moved the drop rule to use insert instead of append because it fails to do the job if the system previously has other rules in the INPUT table that are not related to the coova interface. For example in my case the append rule lands after:
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
and this allows the hotspot client access to my ssh port, even though the port is not in HS_TCP_PORTS.
I moved the drop rule to use insert instead of append because it fails to do the job if the system previously has other rules in the INPUT table that are not related to the coova interface. For example in my case the append rule lands after: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT and this allows the hotspot client access to my ssh port, even though the port is not in HS_TCP_PORTS.