diff --git a/internal/network/network.go b/internal/network/network.go
index 49c475e4..7cb6a6d3 100644
--- a/internal/network/network.go
+++ b/internal/network/network.go
@@ -49,7 +49,11 @@ func ConfigureForwarding(wgIface string, gatewayIface string, cidr string, allow
 		}
 	}
 
-	if err := ipt.AppendUnique("filter", "WG_ACCESS_SERVER_FORWARD", "-s", cidr, "-j", "REJECT"); err != nil {
+	target := "REJECT"
+	if IsSynologyDSM() {
+		target = "DROP"
+	}
+	if err := ipt.AppendUnique("filter", "WG_ACCESS_SERVER_FORWARD", "-s", cidr, "-j", target); err != nil {
 		return errors.Wrap(err, "failed to set ip tables rule")
 	}
 
@@ -85,5 +89,8 @@ func boolToRule(accept bool) string {
 	if accept {
 		return "ACCEPT"
 	}
+	if IsSynologyDSM() {
+		return "DROP"
+	}
 	return "REJECT"
 }
diff --git a/internal/network/utils.go b/internal/network/utils.go
new file mode 100644
index 00000000..930dc535
--- /dev/null
+++ b/internal/network/utils.go
@@ -0,0 +1,29 @@
+package network
+
+import (
+	"os"
+	"runtime"
+)
+
+func IsSynologyDSM() bool  {
+	if runtime.GOOS != "linux" {
+		return false
+	}
+	file, err := os.Stat("/usr/syno")
+	if err == nil && file.IsDir() {
+		return true
+	}
+	_, err = os.Stat("/proc/syno_platform")
+	if err == nil {
+		return true
+	}
+	_, err = os.Stat("usr/syno_cpu_arch")
+	if err == nil {
+		return true
+	}
+	_, err = os.Stat("usr/synobios")
+	if err == nil {
+		return true
+	}			
+	return false
+}
\ No newline at end of file